mirror of
https://github.com/hak5/bashbunny-payloads.git
synced 2025-10-29 16:58:25 +00:00
26 lines
1.2 KiB
Plaintext
26 lines
1.2 KiB
Plaintext
Method of calling SmartFileExtractor is based on the excellent work of IMcPwn: the ExecutableInstaller.
|
|
See the BashBunny Wiki for the original version.
|
|
|
|
Setup:
|
|
- Download the SmartFileExtract utility from https://github.com/saintcrossbow/SmartFileExtract
|
|
* Quick tip: you only need the SmartFileExtract.exe from the project root
|
|
- Copy SmartFileExtract.exe to the root of the bashubunny
|
|
- Change payload.txt:
|
|
a) Your file volume name for the bashbunny (if necessary)
|
|
b) What kind of device you want the bunny to spoof.
|
|
Note: Very much recommend you do this, otherwise will be picked up by forensics
|
|
- Change e.cmd:
|
|
a) Change your options for Smart File Extract here.
|
|
|
|
The default payload included in this distribution:
|
|
- Looks to Forensics like a Lexar drive (but still called BashBunny)
|
|
- Finds all files with a) the word secret or pass in the filename as well as b) any doc files
|
|
- Reports status as a fake install window
|
|
- Stops extract after 90 seconds or 500 MBs
|
|
|
|
SmartFileExtract has full documentation on how to use the utility, but if you want to kick the tires and light the fires, run:
|
|
smartfileextract /help
|
|
|
|
Good luck!
|
|
|
|
Saint Crossbow |