mirror of
https://github.com/hak5/bashbunny-payloads.git
synced 2025-10-29 16:58:25 +00:00
1 line
1.6 KiB
Markdown
1 line
1.6 KiB
Markdown
# Exfiltrate using SmartFileExtract Utility
|
|
saintcrossbow@gmail.com
|
|
|
|
### What is SmartFileExtract anyway?
|
|
SmartFileExtract is a find-and-copy utility written specifically for the Hak5 BashBunny but also is usable as a standalone utility. Files are found by standard patterns (including wildcards) and then copied to any valid path.
|
|
|
|
Additional features:
|
|
|
|
* Find by seeking keywords in any file.
|
|
* Use “curtains” that show standard progress, no window, or stealthy windows that are either inconspicuous or look just like a regular install window.
|
|
* Best of all, stop the copy after a specified time or amount in MBs has been copied - or even stop it manually. No longer worry about pulling the BashBunny while in mid-operation.
|
|
|
|
### Where do I get it?
|
|
Download the SmartFileExtract utility from
|
|
|
|
https://github.com/saintcrossbow/SmartFileExtract
|
|
|
|
You will only need the SmartFileExtract.exe from the project root.
|
|
|
|
### So how does it work?
|
|
SmartFileExtract runs from the command line using three mandatory parameters: the file pattern to find (/file), the drives to seek (/drive), and where to copy the found files (/copyto).
|
|
|
|
There are additional options to make the extract stealthier. The SmartFileExtract documentation explains in detail, and you can also see options by typing `SmartFileExtract /help`
|
|
|
|
### What is the payload setup to do?
|
|
I've included the script that I actually use, which works using IMcPwn's ExecutableInstaller:
|
|
|
|
* Options are in e.cmd file
|
|
* It finds all documents and any filename with the word “secret” or “pass” in it
|
|
* Found files are copied to loot directory
|
|
* It will kill the extract after 90 seconds or after 500 MBs are copied.
|
|
|