[Payload] Ghost Cleanup
https://github.com/bg-wa/bashbunny-payloads/tree/develop/payloads/library/ghost_cleanup
The goal of this payload is to provide a universal (Win/Mac/Lin) HID script to clean up your tracks after an attack. The idea is to have this as a switch 2 payload to easily execute after an attack.
Currently, I have code to:
Select OS (defaults to Linux, but can be switched manually or with attack 1, by writing an appropriately named file to the BB loot folder)
Ducky script from E2124 to open cmd/terminal
Clear input history
[Mac/Linux] Clear all bash history (or optionally set how many lines to remove from the end of ~/.bash_history)
[Win] use regedit to remove run commands
[Win] Remove extra Ethernet adapters created by BB. (*WIP, looking at different methods)
Comments providing guidance on where to insert your custom cleanup code for each platform
Please feel free to fork and contribute!
** This script is a Work in Progress, as I'm still waiting on my BashBunny to arrive.