# Exfiltrate using SmartFileExtract Utility
saintcrossbow@gmail.com

### What is SmartFileExtract anyway?
SmartFileExtract is a find-and-copy utility written specifically for the Hak5 BashBunny but also is usable as a standalone utility. Files are found by standard patterns (including wildcards) and then copied to any valid path. 

Additional features:

* Find by seeking keywords in any file.
* Use “curtains” that show standard progress, no window, or stealthy windows that are either inconspicuous or look just like a regular install window.
* Best of all, stop the copy after a specified time or amount in MBs has been copied - or even stop it manually. No longer worry about pulling the BashBunny while in mid-operation.

### Where do I get it?
Download the SmartFileExtract utility from 

https://github.com/saintcrossbow/SmartFileExtract

You will only need the SmartFileExtract.exe from the project root.

### So how does it work?
SmartFileExtract runs from the command line using three mandatory parameters: the file pattern to find (/file), the drives to seek (/drive), and where to copy the found files (/copyto). 

There are additional options to make the extract stealthier. The SmartFileExtract documentation explains in detail, and you can also see options by typing `SmartFileExtract /help`

### What is the payload setup to do?
I've included the script that I actually use, which works using IMcPwn's ExecutableInstaller:

* Options are in e.cmd file 
* It finds all documents and any filename with the word “secret” or “pass” in it 
* Found files are copied to loot directory
* It will kill the extract after 90 seconds or after 500 MBs are copied.