2017-11-27 12:16:17 +11:00

Exfiltrate using SmartFileExtract Utility

saintcrossbow@gmail.com

What is SmartFileExtract anyway?

SmartFileExtract is a find-and-copy utility written specifically for the Hak5 BashBunny, but it is also usable as a standalone utility. Files are found by standard patterns (including wildcards) and then copied to any valid path.

Additional features:

  • Find by seeking keywords in any file.
  • Use “curtains” that show standard progress, no window, or stealthy windows that are either inconspicuous or look just like a regular install window.
  • Best of all, stop the copy after a specified time or after a specified amount in MB has been copied, or even stop it manually. No more worrying about pulling the BashBunny in mid-operation.

Where do I get it?

Download the SmartFileExtract utility from https://github.com/saintcrossbow/SmartFileExtract

You only need SmartFileExtract.exe from the project root.

So how does it work?

SmartFileExtract runs from the command line and takes three mandatory parameters: the file pattern to find (/file), the drives to search (/drive), and where to copy the found files (/copyto).

There are additional options to make the extract stealthier. The SmartFileExtract documentation explains them in detail, and you can also list the options by typing SmartFileExtract /help
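
Seen from the defender's side, the three mandatory switches are a usable signal in process-creation logs. The following is an added example, not part of SmartFileExtract or this payload: it flags command lines that carry /file, /drive and /copyto together, even when the executable has been renamed. The log records are constructed, and the way a value follows each switch is an assumption.

```python
import re

# Switches the README names as mandatory for every SmartFileExtract run.
MANDATORY = {"file", "drive", "copyto"}
# A switch must start its own token. The value separator (space, ':' or '=')
# is an assumption; the README does not show the exact syntax.
SWITCH_RE = re.compile(r'(?:^|\s)/([a-z]+)(?=$|[\s:=])', re.IGNORECASE)
IMAGE_RE = re.compile(r'(?:^|[\\/"\s])smartfileextract(?:\.exe)?(?=$|["\s])',
                      re.IGNORECASE)


def classify(command_line):
    """Return 'name+switches', 'switches-only', 'name-only' or None."""
    switches = {m.group(1).lower() for m in SWITCH_RE.finditer(command_line)}
    has_switches = MANDATORY <= switches
    has_name = bool(IMAGE_RE.search(command_line))
    if has_name and has_switches:
        return "name+switches"
    if has_switches:
        return "switches-only"  # all three switches, different image name
    if has_name:
        return "name-only"      # e.g. /help, or an incomplete invocation
    return None


def scan(events):
    """events: iterable of (host, command_line). Yields (host, verdict, cmd)."""
    for host, cmd in events:
        verdict = classify(cmd)
        if verdict:
            yield host, verdict, cmd


# Constructed process-creation records (not captured from a real system).
SAMPLE_EVENTS = [
    ("ws01", r'E:\tools\SmartFileExtract.exe /file *.docx /drive C /copyto E:\loot'),
    ("ws02", r'C:\Users\Public\setup.exe /FILE *.pdf /DRIVE C /COPYTO F:\out'),
    ("ws03", r'SmartFileExtract /help'),
    ("ws04", r'xcopy C:/file/drive D:\backup /s'),      # path segments, not switches
    ("ws05", r'robocopy C:\data D:\copyto /file'),      # only one of the three
]

if __name__ == "__main__":
    for host, verdict, cmd in scan(SAMPLE_EVENTS):
        print(f"{host}: {verdict}: {cmd}")
```

The "switches-only" verdict is the one worth alerting on when the image name is unfamiliar; tune it against legitimate tools in your environment that happen to use the same three switch names.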

What is the payload set up to do?

I've included the script that I actually use, which works using IMcPwn's ExecutableInstaller:

  • Options are in the e.cmd file
  • It finds all documents and any filename with the word “secret” or “pass” in it
  • Found files are copied to the loot directory
  • It will kill the extract after 90 seconds or after 500 MB are copied.