hak5
/
bashbunny-payloads
mirror of https://github.com/hak5/bashbunny-payloads.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Username Change

pull/655/head
0i41E 2024-05-28 19:34:18 +02:00 committed by GitHub
parent 5b4693a27a
commit 27ad6acfe2
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
26 changed files with 37 additions and 37 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
payloads/library/credentials/FireSnatcher/README.md
View File

@ -1,7 +1,7 @@
# Title: FireSnatcher
# Description: Copies Wifi Keys, and Firefox Password Databases
# Author: KarrotKak3
# Props: saintcrossbow & 0iphor13
# Props: saintcrossbow & 0i41E
# Version: 1.0.2.0 (Work in Progress)
# Category: Credentials
# Target: Windows (Logged in)

2
payloads/library/credentials/FireSnatcher/payload.txt
View File

@ -1,7 +1,7 @@
# Title: FireSnatcher
# Description: Copies Wifi Keys, and Firefox Password Databases
# Author: KarrotKak3
# Props: saintcrossbow & 0iphor13
# Props: saintcrossbow & 0i41E
# Version: 1.0.2.0 (Work in Progress)
# Category: Credentials
# Target: Windows (Logged in)

4
payloads/library/credentials/HashDumpBunny/README.md
View File

@ -1,6 +1,6 @@
**Title: HashDumpBunny**
Author: 0iphor13
Author: 0i41E
Version: 1.0
@ -17,4 +17,4 @@ Place BunnyDump.bat in the same payload switch-folder as your payload.txt
#
Plug in BashBunny.
Exfiltrate the out.txt file and try to crack the hashes.
![alt text](https://github.com/0iphor13/bashbunny-payloads/blob/master/payloads/library/credentials/HashDumpBunny/censoredhash.png)
![alt text](https://github.com/0i41E/bashbunny-payloads/blob/master/payloads/library/credentials/HashDumpBunny/censoredhash.png)

2
payloads/library/credentials/HashDumpBunny/payload.txt
View File

@ -2,7 +2,7 @@
#
# Title: HashDumpBunny
# Description: Dump user hashes with this script, which was obfuscated with multiple layers.
# Author: 0iphor13
# Author: 0i41E
# Version: 1.0
# Category: Credentials
# Attackmodes: HID, Storage

4
payloads/library/credentials/MiniDumpBunny/README.md
View File

@ -1,6 +1,6 @@
**Title: MiniDumpBunny**
Author: 0iphor13
Author: 0i41E
Version: 1.0
@ -14,4 +14,4 @@ What is MiniDumpBunny?
Plug in your BashBunny equipped with the obfuscated MiniBunny.bat file, wait a few seconds, go away.
#
Exfiltrate the .dmp file and read it with Mimikatz.
![alt text](https://github.com/0iphor13/bashbunny-payloads/blob/master/payloads/library/credentials/MiniDumpBunny/mimi.png)
![alt text](https://github.com/0i41E/bashbunny-payloads/blob/master/payloads/library/credentials/MiniDumpBunny/mimi.png)

2
payloads/library/credentials/MiniDumpBunny/payload.txt
View File

@ -2,7 +2,7 @@
#
# Title: MiniDumpBunny
# Description: Dump lsass with this script, which was obfuscated with multiple layers.
# Author: 0iphor13
# Author: 0i41E
# Version: 1.0
# Category: Credentials
# Attackmodes: HID, Storage

8
payloads/library/credentials/ProcDumpBunny/README.md
View File

@ -1,6 +1,6 @@
**Title: ProcDumpBunny**
Author: 0iphor13
Author: 0i41E
Version: 1.0
@ -12,10 +12,10 @@ What is ProcDumpBunny?
**Instruction:**
Download ProcDump from Microsoft - https://docs.microsoft.com/en-us/sysinternals/downloads/procdump - rename the Executeable to Bunny.exe
![alt text](https://github.com/0iphor13/bashbunny-payloads/blob/master/payloads/library/credentials/ProcDumpBunny/Screenshot%20(38).png)
![alt text](https://github.com/0i41E/bashbunny-payloads/blob/master/payloads/library/credentials/ProcDumpBunny/Screenshot%20(38).png)
Place Bunny.exe in the same payload switch as your payload
![alt text](https://github.com/0iphor13/bashbunny-payloads/blob/master/payloads/library/credentials/ProcDumpBunny/Screenshot%20(37).png)
![alt text](https://github.com/0i41E/bashbunny-payloads/blob/master/payloads/library/credentials/ProcDumpBunny/Screenshot%20(37).png)
#
Plug in BashBunny.
Exfiltrate the out.dmp file and read it with Mimikatz.
![alt text](https://github.com/0iphor13/bashbunny-payloads/blob/master/payloads/library/credentials/ProcDumpBunny/Screenshot%20(39).png)
![alt text](https://github.com/0i41E/bashbunny-payloads/blob/master/payloads/library/credentials/ProcDumpBunny/Screenshot%20(39).png)

2
payloads/library/credentials/ProcDumpBunny/payload.txt
View File

@ -2,7 +2,7 @@
#
# Title: ProcDumpBunny
# Description: Dump lsass.exe with a renamed version of procdump
# Author: 0iphor13
# Author: 0i41E
# Version: 1.0
# Category: Credentials
# Attackmodes: HID, Storage

4
payloads/library/credentials/SamDumpBunny/README.md
View File

@ -1,6 +1,6 @@
**Title: SamDumpBunny**
<p>Author: 0iphor13<br>
<p>Author: 0i41E<br>
OS: Windows<br>
Version: 1.0<br>
@ -21,4 +21,4 @@ Afterwards you can use a tool like samdump2 to extract the users hashes.</p>
**!Disclaimer! samdump2 has proven to be unreliable in the recent past.**
![alt text](https://github.com/0iphor13/omg-payloads/blob/master/payloads/library/credentials/SamDumpCable/sam.png)
![alt text](https://github.com/0i41E/omg-payloads/blob/master/payloads/library/credentials/SamDumpCable/sam.png)

2
payloads/library/credentials/SamDumpBunny/payload.txt
View File

@ -2,7 +2,7 @@
#
# Title: SamDumpBunny
# Description: Dump users sam and system hive and exfiltrate them. Afterwards you can use a tool like samdump2, to get the users hashes.
# Author: 0iphor13
# Author: 0i41E
# Version: 1.0
# Category: Credentials
# Attackmodes: HID, Storage

4
payloads/library/credentials/SessionBunny/README.md
View File

@ -1,6 +1,6 @@
**Title: SessionBunny**
Author: 0iphor13
Author: 0i41E
(Credit for SessionGopher: Brandon Arvanaghi)
Version: 1.0
@ -19,4 +19,4 @@ Place SessionBunny.ps1 in the same payload switch-folder as your payload.txt
#
Plug in BashBunny.
Wait for the script to finish and decide what you wanna do with the information gathered
![alt text](https://github.com/0iphor13/bashbunny-payloads/blob/master/payloads/library/credentials/SessionBunny/censorepic.png)
![alt text](https://github.com/0i41E/bashbunny-payloads/blob/master/payloads/library/credentials/SessionBunny/censorepic.png)

2
payloads/library/credentials/SessionBunny/SessionBunny.ps1
View File

@ -43,7 +43,7 @@
o
o_
/ ". SessionGopher
," _-" Bunny Edition (0iphor13)
," _-" Bunny Edition (0i41E)
," m m
..+ ) Brandon Arvanaghi
`m..m @arvanaghi | arvanaghi.com

2
payloads/library/credentials/SessionBunny/payload.txt
View File

@ -1,7 +1,7 @@
#!/bin/bash
#
# Title: SessionBunny
# Author: 0iphor13
# Author: 0i41E
# Version: 1.0
# Category: Credentials
# Attackmodes: HID, Storage

2
payloads/library/execution/SerialNumBunny/1.PS1
View File

@ -12,4 +12,4 @@ $Picture=@"
Sleep -s 5
Write-Host -ForegroundColor red "$Picture"
Sleep -s 2
Write-Host -ForegroundColor green "SerialNumBunny by 0iphor13"
Write-Host -ForegroundColor green "SerialNumBunny by 0i41E"

2
payloads/library/execution/SerialNumBunny/payload.txt
View File

@ -2,7 +2,7 @@
#
# Title: SerialNumBunny
# Description: Execute strings placed in the Bunny serial number
# Author: 0iphor13
# Author: 0i41E
# Version: 1.0
# Category: Execution
# Attackmodes: HID, RNDIS_ETHERNET

4
payloads/library/execution/SerialNumBunny/readme.md
View File

@ -1,6 +1,6 @@
**Title: SerialNumBunny**
<p>Author: 0iphor13<br>
<p>Author: 0i41E<br>
OS: Windows<br>
Version: 1.0<br>
@ -14,6 +14,6 @@ You can get pretty creative here, from basically calling basic powershell comman
- Upload your script or the example provided onto your Bunnys switch folder.
- Plug in the Bunny and let the magic happen.
![SerialNumBunny](https://github.com/0iphor13/bashbunny-payloads/assets/79219148/fa11d9b5-e2f2-45a9-a701-5a25220ca226)
![SerialNumBunny](https://github.com/0i41E/bashbunny-payloads/assets/79219148/fa11d9b5-e2f2-45a9-a701-5a25220ca226)
_Note: If you want to adapt your payload nested, in the serial number, you may need to stay in a certain character limit. In my case this was 40 characters. This might be different, depending on your target. Also make sure to replace spaces within the serial number with underscores._

2
payloads/library/exfiltration/WifiSnatch/payload.txt
View File

@ -2,7 +2,7 @@
#
# Title: WifiSnatch
# Description: Extract wifi information, such as passphrases & SSIDs
# Author: 0iphor13
# Author: 0i41E
# Version: 1.1
# Category: Exfiltration
# Attackmodes: HID, Storage

2
payloads/library/prank/-BB-AcidBurn/README.md
View File

@ -105,7 +105,7 @@ Arf
* [Hak5](https://hak5.org/)
* [MG](https://github.com/OMG-MG)
* [0iphor13](https://github.com/0iphor13)
* [0i41E](https://github.com/0i41E)
* [PhilSutter](https://github.com/PhilSutter)

2
payloads/library/prank/-BB-JumpScare/README.md
View File

@ -93,7 +93,7 @@ I am Jakoby
* [Hak5](https://hak5.org/)
* [MG](https://github.com/OMG-MG)
* [0iphor13](https://github.com/0iphor13)
* [0i41E](https://github.com/0i41E)
* [PhilSutter](https://github.com/PhilSutter)

2
payloads/library/remote_access/PingZhellBunny/Bunny.pl
View File

@ -15,7 +15,7 @@
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
# Modified by 0iphor13 for PingZhellBunny
# Modified by 0i41E for PingZhellBunny
#
#
#

2
payloads/library/remote_access/PingZhellBunny/README.md
View File

@ -1,6 +1,6 @@
**Title: PingZhellBunny**
<p>Author: 0iphor13<br>
<p>Author: 0i41E<br>
OS: Windows<br>
Version: 1.5<br>

2
payloads/library/remote_access/PingZhellBunny/payload.txt
View File

@ -2,7 +2,7 @@
#
# Title: PingZhellBunny
# Description: Getting remote access via ICMP
# Author: 0iphor13
# Author: 0i41E
# Version: 1.5
# Category: Remote_Access
# Attackmodes: HID, RNDIS_ETHERNET

4
payloads/library/remote_access/ReverseBunny/README.md
View File

@ -1,6 +1,6 @@
**Title: ReverseBunny**
<p>Author: 0iphor13<br>
<p>Author: 0i41E<br>
OS: Windows<br>
Version: 1.5<br>
@ -8,7 +8,7 @@ Version: 1.5<br>
<p>!Getting remote access via obfuscated reverse shell!<br>
Upload payload.txt and RevBunny.ps1 onto your Bunny
![alt text](https://github.com/0iphor13/bashbunny-payloads/blob/master/payloads/library/remote_access/ReverseBunny/RevBunny.png)
![alt text](https://github.com/0i41E/bashbunny-payloads/blob/master/payloads/library/remote_access/ReverseBunny/RevBunny.png)
Change the variables in payload.txt to your attacking machine & start your listener. (for example netcat: nc -lvnp [PORT] )</p>

2
payloads/library/remote_access/ReverseBunny/payload.txt
View File

@ -2,7 +2,7 @@
#
# Title: ReverseBunny
# Description: Get remote access, using an obfuscated powershell reverse shell.
# Author: 0iphor13
# Author: 0i41E
# Version: 1.5
# Category: Remote_Access
# Attackmodes: HID, RNDIS_ETHERNET

6
payloads/library/remote_access/ReverseBunnySSL/README.md
View File

@ -1,6 +1,6 @@
**Title: ReverseBunnySSL**
<p>Author: 0iphor13<br>
<p>Author: 0i41E<br>
OS: Windows<br>
Version: 1.2<br>
For input and inspiration - Thanks to: Cribbit, sebkinne</p>
@ -26,5 +26,5 @@ I recommend openssl itself or ncat - Example syntax for both:<br>
**Disclaimer: Because of obfuscation, it may take some time until the shell is fully executed by powershell**
![alt text](https://github.com/0iphor13/omg-payloads/blob/master/payloads/library/remote_access/ReverseCableSSL/CreateCert.png)
![alt text](https://github.com/0iphor13/bashbunny-payloads/blob/master/payloads/library/remote_access/ReverseBunnySSL/Startscreen.png)
![alt text](https://github.com/0i41E/omg-payloads/blob/master/payloads/library/remote_access/ReverseCableSSL/CreateCert.png)
![alt text](https://github.com/0i41E/bashbunny-payloads/blob/master/payloads/library/remote_access/ReverseBunnySSL/Startscreen.png)

2
payloads/library/remote_access/ReverseBunnySSL/payload.txt
View File

@ -2,7 +2,7 @@
#
# Title: ReverseBunnySSL
# Description: Get remote access, using an obfuscated powershell reverse shell.
# Author: 0iphor13
# Author: 0i41E
# Version: 1.2
# Category: Remote_Access
# Attackmodes: HID, RNDIS_ETHERNET