weyne/bashbunny-payloads
1
0
Fork 0
mirror of https://github.com/hak5darren/bashbunny-payloads.git synced 2025-10-29 16:58:12 +00:00
Code Issues Packages Projects Releases Wiki Activity
bashbunny-payloads/payloads/library/faster_smb_exfiltrator/readme.md
Darren Kitchen 02d0358ccb Add faster SMB Exfiltrator payload
2017-03-28 20:10:01 +07:00

1.4 KiB
Raw Blame History

Faster SMB Exfiltrator

  • Author: Hak5Darren
  • Props: ImNatho, mike111b, madbuda
  • Version: Version 1.0
  • Target: Windows XP SP3+ (Powershell)
  • Category: Exfiltration
  • Attackmodes: HID, Ethernet

Description

Exfiltrates select files from users's documents folder via SMB. Liberated documents will reside in Bash Bunny loot directory under loot/smb_exfiltrator/HOSTNAME/DATE_TIME

Rewrite of the original SMB Exfiltrator payload with:

  • Faster copying, using robocopy multithreaded mode
  • Faster finish, using a EXFILTRATION_COMPLETE file
  • Offload logic to target PC for accurate date/time
  • Clears tracks by default without second run dialog
  • Test-Connection handling by ICMP (no lame sleeps)
  • Hidden powershell window by default

Configuration

Configured to copy docx files by default. Change $exfil_ext in s.ps1 to desired.

STATUS

LED Status
Red (blinking) Impacket not found in /pentest
Magenta (blinking) HID Stage
Magenta Ethernet Stage
Magenta/Blue Receiving files
White Moving liberated files to mass storage
Green Finished