mirror of
https://github.com/hak5/bashbunny-payloads.git
synced 2025-10-29 16:58:25 +00:00
5a77792c1d
* Updated all Payloads for Version 1.2+ Fixed Style Issues on extensions and payloads. Added GET TARGET_OS to get.sh Removed and Fixed all uses ducky_helper.sh (Issue #248) Removed all mention of DUCKY_LANG (Issue #248) Renamed Payloads with spaces in name Added an extension to keep Macs Happy Added a payload for Mac DNS poisoning Fixed Issue #271 changed wget to curl -o Implemented PR #268 Implemented PR #273 * Fixed e.cmd * Fix e.cmd pt2 * Fixed Issues Fixed issues pointed out by @sebkinne Fixed styling errors
29 lines
803 B
Markdown
29 lines
803 B
Markdown
Based on a payload written by Simen Kjeserud
|
|
|
|
Tested on firmware 1.3
|
|
|
|
Searches the user profile for .lnk files and reports on the file name,
|
|
Target file, Date Created, Date Last Written. Results are provided in
|
|
a CSV file.
|
|
|
|
Output = \loot\Link-Files\link_files.csv
|
|
|
|
Background
|
|
In an incident where it is suspected that a user has exfiltrated
|
|
data to a USB drive, the target element of any .lnk files may show
|
|
files on external media (i.e. not the C: drive.).
|
|
|
|
Note - using this payload is NOT forensically sound!
|
|
|
|
|
|
## STATUS
|
|
|
|
| LED | Status |
|
|
| ---------------- | ------------------------------------- |
|
|
| Purple (blinking)| Attack in progress |
|
|
| Green (blinking) | Attack Finished |
|
|
|
|
|
|
|
|
|