hak5
/
bashbunny-payloads
mirror of https://github.com/hak5/bashbunny-payloads.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Create readme.md

pull/383/head
Mohamed A. Baset 2019-05-30 00:05:43 -05:00 committed by GitHub
parent 36e34feac4
commit d11515bf59
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 47 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

47
payloads/library/credentials/SMBruteBunny/readme.md Normal file
View File

@ -0,0 +1,47 @@
# SMBruteBunny
```
/ \
/ _ \
| / \ |
|| || _______
|| || |\ \
|| || ||\ \
|| || || \ |
|| || || \__/
|| || || ||
\\_/ \_/ \_//
/ _ _ \
/ \
| O O |
| \ ___ / |
/ \ \_/ / \
/ ----- | --\ \
| \__/|\__/ \ |
\ |_|_| /
\_____ S M B ____/
\ /
| |
------------------------------------------------
SMBruteBunny by: @SymbianSyMoh
```
* Author: Mohamed A. Baset (SymbianSyMoh)
## Description
This payload exploits the inherited trust between USB pripherals and computers by setting up an RNDIS interface that works as a DHCP server and offer leases to the connected hosts then it can see the open SMB port which is 445 hence the bruteforcing process starts and once the password is found it will be entered to the lock screen via HID script and unlocking the target machine.
## What to expect?
Once the password found it will be stored under the "loot" folder and will be entered automatically in the lock screen resulting in unlocking the targeted machine.
## Setup
1. Clone this repo XXX in XXXX
2. Put all the required files in place:
password_process_file
password_loot_file
unlock_hid_script
user_bruteforce_list
pass_bruteforce_list
3.
4.
5.
6. Plug the BashBunny in a locked computer, once the DHCP lease is being offered it will perform SMB bruteforce attack and once succeded it will fire HID script to enter the password and unlock the machine.