SmartFileExtract is a find-and-copy utility written specifically for the Hak5 BashBunny but also is usable as a standalone utility. Files are found by standard patterns (including wildcards) and then copied to any valid path.

Additional features:

Find by seeking keywords in any file.
Use “curtains” that show standard progress, no window, or stealthy windows that are either inconspicuous or look just like a regular install window.
Best of all, stop the copy after a specified time or amount in MBs has been copied - or even stop it manually. No longer worry about pulling the BashBunny while in mid-operation.

Where do I get it?

Download the SmartFileExtract utility from

https://github.com/saintcrossbow/SmartFileExtract

You will only need the SmartFileExtract.exe from the project root.

So how does it work?

SmartFileExtract runs from the command line using three mandatory parameters: the file pattern to find (/file), the drives to seek (/drive), and where to copy the found files (/copyto).

There are additional options to make the extract stealthier. The SmartFileExtract documentation explains in detail, and you can also see options by typing SmartFileExtract /help

What is the payload setup to do?

I've included the script that I actually use, which works using IMcPwn's ExecutableInstaller:

Options are in e.cmd file
It finds all documents and any filename with the word “secret” or “pass” in it
Found files are copied to loot directory
It will kill the extract after 90 seconds or after 500 MBs are copied.