mirror of
https://github.com/hak5/bashbunny-payloads.git
synced 2025-10-29 16:58:25 +00:00
* Updated all Payloads for Version 1.2+
  Fixed Style Issues on extensions and payloads.
  Added GET TARGET_OS to get.sh
  Removed and Fixed all uses ducky_helper.sh (Issue #248)
  Removed all mention of DUCKY_LANG (Issue #248)
  Renamed Payloads with spaces in name
  Added an extension to keep Macs Happy
  Added a payload for Mac DNS poisoning
  Fixed Issue #271 changed wget to curl -o
  Implemented PR #268
  Implemented PR #273
* Fixed e.cmd
* Fix e.cmd pt2
* Fixed Issues
  Fixed issues pointed out by @sebkinne
  Fixed styling errors
975 B
Author : Paul Murton
Notes :
My background is in Computer Forensics and incident response. I am new to PowerShell, so it's likely that the script is inefficient, but it does work.
In an incident where a user is suspected of exfiltrating data to a USB storage device, CD/DVD, etc., it's possible that the user may subsequently open an exfiltrated file on the media. In this scenario, a local lnk file will be created, providing evidence of the file's existence.
This payload uses a PowerShell script to search the user profile for lnk files where the target is on a drive other than the C: drive.
The output is put into a CSV file in the folder \loot\link-files
Tested on ver 1.3
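The search described above can be sketched as follows for use during triage on a live system. This is an added example, not the payload's own script; the parameter names, the output file name and the CSV column names are assumptions.

```powershell
# Added example (not the payload's script): list .lnk files under a user
# profile whose target sits on a drive other than the local system drive.
# Parameter names, output path and column names are illustrative assumptions.
param(
    [string]$SearchRoot = $env:USERPROFILE,
    [string]$LocalDrive = 'C:',
    [string]$OutFile    = (Join-Path (Get-Location) 'link-files.csv')
)

# WScript.Shell resolves the target stored inside a shortcut file.
$shell = New-Object -ComObject WScript.Shell

Get-ChildItem -Path $SearchRoot -Filter '*.lnk' -Recurse -Force -File -ErrorAction SilentlyContinue |
    ForEach-Object {
        $lnk = $_
        try {
            $target = $shell.CreateShortcut($lnk.FullName).TargetPath
        } catch {
            return    # unreadable or malformed shortcut: skip this file
        }

        # Shortcuts to shell items (Control Panel, etc.) have no file-system target.
        if ([string]::IsNullOrWhiteSpace($target)) { return }

        # Only drive-letter targets are considered, e.g. "E:\report.docx".
        if ($target -notmatch '^([A-Za-z]:)') { return }
        $drive = $Matches[1].ToUpper()
        if ($drive -eq $LocalDrive.ToUpper()) { return }

        # The link's own timestamps indicate when the target was first and
        # last opened from this profile; record them in UTC for the timeline.
        [pscustomobject]@{
            LinkFile        = $lnk.FullName
            Target          = $target
            TargetDrive     = $drive
            LinkCreatedUtc  = $lnk.CreationTimeUtc.ToString('o')
            LinkModifiedUtc = $lnk.LastWriteTimeUtc.ToString('o')
        }
    } |
    Sort-Object LinkModifiedUtc |
    Export-Csv -Path $OutFile -NoTypeInformation -Encoding UTF8
```

The target drive letter alone does not identify the device; correlate the link timestamps with USB and volume-mount records from the same host before drawing conclusions.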
STATUS
| LED | Status |
|---|---|
| Purple (blinking) | Attack in progress |
| Green (blinking) | Attack Finished |