payload for backup

[12321]

Hi!

can anyone help make bunny mk2 payload to backup pcs/laptops with win10pro (x64)?

i need to create docs backup to bunny's SD: user name folder>3 separated sub folders ms office documents\pictures\videos (all pcs have only C, maybe 1 or 2 will also have D)

need to skip if files already exists and same as in previous backup, if not to create "original file name"(date).file's extension

will be great if there is no need of login... if laptop is "sleeping", do i need to "wake" him before backup?

does it matter if user names in different languages?

[PoSHMagiC0de]

smbexfil may take care of what you want to do.

Sleeping machines that lock will not work on.  You will need to get past the lock with a known password or manually.

 

If you are signing on to the machine as local admin to grab all profiles then admin will be needed and your script will have to identity ever user folder under c:\users.

If profile is not on C then you will need to go into the registry to get each of the user hive paths to pull from there.

It is some thinking and scripting for both.

 

Please do not hit me up in PM to build you payloads.  Usually I have been batting 10/10 of user I respond to in forum hammering me in PM to do stuff for them, etc....that I ignore. I prefer you figure it out yourself as I have a job and paid well.  I do not need a second income or job, especially not an illegal one.

 

I have to put that in my messages cause it is better safe that sorry and prevents you from sitting there wondering why I did not respond to your PMs if you send them.

[12321]

if i could figure out by my self, i wouldn't ask for help.

if it was for illegal work, i wouldn't post in open forum... no need of hacking or stealing pws, for this stuff there million forums with ready payloads (even here)...

this is just for backup... for users here that already know bb and what they are doing and what it needs, it will take couple min? for me it will take weeks...

 

anyone here can post or pm me more updated payload repository with bigger collection? maybe will be easier making from couple payloads...

thanks!

[kuyaya]

Yeah but you will learn a lot more if you do it by yourself.

So you just need to backup the Documents folder with its subfolders?

[12321]

1 hour ago, kuyaya said:

So you just need to backup the Documents folder with its subfolders?

yes, but will be great to search pc for them, in case of someone kipping them on desktop or other folders...

no need of all docs... only office *.docx,pptx,pdf

[PoSHMagiC0de]

If you are using the MKII then I would suggest using a blank microSD formatted for fat32, cause the BB MKII does not do exfat yet.  FAT32 has a 4GB file size limit.  If there are any files bigger then 4GB, they will throw errors.

You will have just the payload.txt in the switch folder you desire but all other files like the ps1 file will be on the MMC you made.

You payload.txt will first run:

udisk mount

to mount the MMC and then you will run attackmode HID and STORAGE.  I am pseudo coding here so you can write it yourself.

The mounting above will mount the MMC and switch out the nandf and we want to do this before the STORAGE attackmode else your nandf will be mounted as storage and AV will probably go nuts due to you probably have all the hak5 repo payloads on it.

The next commands will be you either running the file directly in powershell, quacked out to run, or running a downloader quacked out in powershell command line to pull said file and run it as string (IEX method).

In said Powershell file you will need the root where you are searching for files.  If you say whole disk you are in for a long wait and a ton of junk coming over.  If you are looking at users folder then you will need the path to that.  If you want that auto, you will need to learn how to browse registry with powershell to get the default profile path to start from.

Next, split-path command works wonders cause you can grab the leaf (ending part of file path), parent (full path of what folder leaf resides in) and NoQualifier (which removes the drive name so you can replace it with BB drive.)  Get-Childitem or GCI works like dir and ls.  You have a "Path" param to put in the root folder to start searching, a recursive param to browse sub folders and you can use -filter or -include params to put in the wildcard files as a list you are looking for (*.xdoc,*.pdf).

You can use what GCI returns to loop through and use the variable source itself as source for copy-item and for destination you can get the leaf of your root, combine that with the bunny drive and then replace the fullname of the file you are copying (fullname is in variable from gci) using the full name of your root to be replaced by the combined path to your bunny thus making the path point to your bunny with file name.  You may have to use "-force" with the copy-item cmdlet if the path does not exist so it can create it else it will error about the path not existing.  If you want the full path from the drive then for destination you can split-path the fullname of file with "NoQualifier" to remove drive letter and combine it with the drive letter for bashbunny and this will get you the source to copy to.

 

This is a brief overview.  You can learn about pulling files from the BB or downloaders from other payloads on the site which will include how to get drive letter of bashbunny using powershell.  The only new thing you will be doing here is using the MMC instead of nandf.

[12321]

topic can be closed, i'm selling bb mk2... (selling in same price that it was bought. if anyone interested, pm me.)