Merge branch 'cleanup' of github.com:hak5/bashbunny-payloads into cleanup
commit
f582f57a34
|
@ -4,17 +4,15 @@
|
|||
# Author: RalphyZ
|
||||
# Version: 1.1a
|
||||
# Target: Windows 7+
|
||||
# Dependencies: VBScript (a.vbs) in the switch folder with this file
|
||||
# Dependencies: Included a.vbs script
|
||||
#
|
||||
# Description: Executes a VBScript, concealed in a hidden PowerShell window
|
||||
#
|
||||
# Colors:
|
||||
# | Status | Color | Description |
|
||||
# | ---------- | ------------------------------| ------------------------------------------------ |
|
||||
# | SETUP | Magenta solid | Setting attack mode, getting the switch position |
|
||||
# | FAIL | Red slow blink | Could not find the a.vbs script |
|
||||
# | ATTACK | Yellow single blink | Running the VBScript |
|
||||
# | FINISH | Green blink followed by SOLID | Script is finished |
|
||||
# LEDS:
|
||||
# Magenta: Setting attack mode, getting the switch position
|
||||
# Red Blink: Could not find the a.vbs script
|
||||
# Yellow Single Blink: Running the VBScript
|
||||
# Green Blink to Solid: Script is finished
|
||||
|
||||
# Magenta solid
|
||||
LED SETUP
|
||||
|
|
|
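Review bot: The replacement line `# Dependencies: Included a.vbs script` drops where the script has to live. The wording it replaces said a.vbs sits in the switch folder with this file, and the failure state is still "Could not find the a.vbs script". Suggest keeping the location, for example `# Dependencies: a.vbs in the same switch folder as this payload`. The new LEDS list also loses the SETUP/FAIL/ATTACK/FINISH state names that the `LED SETUP` call below uses; keeping the state name beside each colour would let a reader match header and code.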
@ -1,12 +1,19 @@
|
|||
#!/bin/bash
|
||||
#
|
||||
# Title: RevShellBack
|
||||
# Description: Set up a reverse shell and execute powershell/generic commands in the background from the Bash Bunny via USB ethernet.
|
||||
# Author: NodePoint
|
||||
# Version: 0.1.3
|
||||
# Category: Execution
|
||||
# Target: Windows
|
||||
# Attackmodes: Ethernet, HID
|
||||
# Attack Modes: RNDIS_ETHERNET, HID
|
||||
# Description: Set up a reverse shell and execute powershell/generic commands in the background from the Bash Bunny via USB ethernet.
|
||||
#
|
||||
# LEDS:
|
||||
# Magenta: Setup
|
||||
# Yellow Single Blink: Open CMD
|
||||
# Yellow Double Blink: Start Reverse Shell
|
||||
# Cyan Blink: Attack
|
||||
# Green: Finished
|
||||
|
||||
# Set attack mode
|
||||
LED SETUP
|
||||
|
|
|
@ -2,17 +2,17 @@
|
|||
|
||||
# Title: ShellExec
|
||||
# Author: audibleblink
|
||||
# Target: Mac/Linux
|
||||
# Target: Mac, Linux
|
||||
# Version: 1.1
|
||||
# Attack Modes: ECM_ETHERNET, HID
|
||||
# Description: Create a web server on the BashBunny and force the victim to download and execute a script.
|
||||
# Perfect for when mass storage isn't an option.
|
||||
#
|
||||
# Create a web server on the BashBunny and force
|
||||
# the victim to download and execute a script.
|
||||
# Perfect for when mass storage isn't an option.
|
||||
#
|
||||
# White | Ready
|
||||
# Ammber blinking | Waiting for server
|
||||
# Blue blinking | Attacking
|
||||
# Green | Finished
|
||||
# LEDS:
|
||||
# White: Ready
|
||||
# Amber Blink: Waiting for server
|
||||
# Blue Blink: Attacking
|
||||
# Green: Finished
|
||||
|
||||
LED SETUP
|
||||
ATTACKMODE ECM_ETHERNET HID VID_0X05AC PID_0X021E
|
||||
|
|
|
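Review bot: The field is rewritten as `# Target: Mac, Linux`, singular and with "Mac", while other headers touched in this commit use `# Targets:` and "macOS" (for example `# Targets: macOS, Linux`). Pick one spelling of the field name and of the OS name so the headers can be grepped or parsed uniformly.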
@ -1,15 +1,17 @@
|
|||
#!/bin/bash
|
||||
#
|
||||
# Title: StickyBunny
|
||||
# Author: Squibs
|
||||
# Version: 0.3
|
||||
# Plug2Pwn: 18s
|
||||
# Title: StickyBunny
|
||||
# Author: Squibs
|
||||
# Version: 0.3
|
||||
# Attack Modes: HID
|
||||
# Target: Windows
|
||||
# Runtime: 18s
|
||||
# Description: Creates the sticky keys back door on a windows machine
|
||||
#
|
||||
# Creates the sticky keys back door on a windows machine
|
||||
#
|
||||
# Blue...............Preparing Attack
|
||||
# Yellow.............Attacking
|
||||
# Green..............GTFO
|
||||
# LEDS:
|
||||
# Blue: Preparing Attack
|
||||
# Yellow: Attacking
|
||||
# Green: Finished
|
||||
|
||||
#Open Admin Powershell
|
||||
ATTACKMODE HID
|
||||
|
|
|
@ -1,14 +1,24 @@
|
|||
# Title: UACBypass
|
||||
# Author: Skiddie
|
||||
# Version: 1.1
|
||||
# Target: Windows
|
||||
# Title: UACBypass
|
||||
# Author: Skiddie
|
||||
# Version: 1.1
|
||||
# Target: Windows
|
||||
# Attack Modes: HID, STORAGE
|
||||
#
|
||||
# Description: Download and executes any binary executable with administrator privileges WITHOUT prompting the user for administrator rights (aka UAC bypass/exploit). Please define URL and SAVEFILENAME in the a.vbs script. Target does need internet connection. Works on Windows 7 - Windows 10. The UAC bypass was patched in Win10 V.1607, the file will still execute but with normal user privliges. However from what i am aware version 7,8 and 8.1 are still effected. Currently fastest download and execute for HID attacks to date. (with UAC bypass)
|
||||
# Description: Download and executes any binary executable with administrator privileges WITHOUT prompting
|
||||
# the user for administrator rights (aka UAC bypass/exploit). Please define URL and SAVEFILENAME
|
||||
# in the a.vbs script. Target does need internet connection. Works on Windows 7 - Windows 10.
|
||||
# The UAC bypass was patched in Win10 V.1607, the file will still execute but with normal user privliges.
|
||||
# However from what I am aware version 7,8 and 8.1 are still effected.
|
||||
# Currently fastest download and execute for HID attacks to date. (with UAC bypass)
|
||||
#
|
||||
# LEDS:
|
||||
# Magenta: Starting
|
||||
# Green: Finished
|
||||
|
||||
#Define your bunny storage stick name
|
||||
DRIVER_LABEL='BashBunny'
|
||||
|
||||
#RED means starting
|
||||
#Magenta means starting
|
||||
LED SETUP
|
||||
|
||||
#Gets File locations
|
||||
|
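Review bot: The rewrapped Description keeps two typos from the one-line version, "normal user privliges" and "are still effected". These lines are being rewritten anyway, so correct them to "privileges" and "affected" in the same change. The comment above `LED SETUP` is updated from RED to Magenta, which matches the new LEDS list; nothing further needed there.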
@ -17,7 +27,6 @@ GET SWITCH_POSITION
|
|||
#We are a keyboard
|
||||
ATTACKMODE HID STORAGE
|
||||
|
||||
|
||||
QUACK DELAY 500
|
||||
RUN WIN powershell -windowstyle hidden ".((gwmi win32_volume -f 'label=''$DRIVER_LABEL''').Name+'payloads\\$SWITCH_POSITION\a.vbs')"
|
||||
QUACK DELAY 1000
|
||||
|
|
|
@ -4,18 +4,17 @@
|
|||
# Author: LowValueTarget
|
||||
# Version: 1.2
|
||||
# Category: Powershell
|
||||
# Target: Windows XP SP3+ (Powershell)
|
||||
# Target: Windows XP SP3+
|
||||
# Attackmodes: HID, RNDIS_ETHERNET
|
||||
# Firmware: >= 1.3
|
||||
# Description: Quick HID attack to retrieve and run powershell payload from BashBunny web server.
|
||||
# Ensure p.txt (your powershell payload) exists in payload directory
|
||||
#
|
||||
# Quick HID attack to retrieve and run powershell payload from BashBunny web server
|
||||
# ensure p.txt (your powershell payload) exists in payload directory
|
||||
#
|
||||
# | Attack Stage | Description |
|
||||
# | ------------------- | ---------------------------------------- |
|
||||
# | Stage 1 | Running Initial Powershell Commands |
|
||||
# | Stage 2 | Delivering powershell payload |
|
||||
#
|
||||
# LEDS:
|
||||
# Yellow Single Blink: Running Initial Powershell Commands
|
||||
# Yellow Double Blink: Delivering powershell payload
|
||||
# Green: Finished
|
||||
# Red Blink: Failure
|
||||
|
||||
ATTACKMODE RNDIS_ETHERNET HID
|
||||
LED SETUP
|
||||
|
|
|
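Review bot: `# Attackmodes: HID, RNDIS_ETHERNET` is left unchanged in this header, while the rest of the commit spells the field `# Attack Modes:`, including the other LowValueTarget payload in the next file. Rename it here too so the field name is the same across payloads.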
@ -4,26 +4,22 @@
|
|||
# Author: LowValueTarget
|
||||
# Version: 2.0
|
||||
# Category: Powershell
|
||||
# Target: Windows XP SP3+ (Powershell)
|
||||
# Attackmodes: HID, RNDIS_ETHERNET
|
||||
# Target: Windows XP SP3+
|
||||
# Attack Modes: HID, RNDIS_ETHERNET
|
||||
# Firmware: >= 1.2
|
||||
# Required Tools: impacket
|
||||
# Description: Quick HID attack to retrieve and run powershell payload from BashBunny SMBServer.
|
||||
# Possibilities are limitless! Credentials captured by are stored as loot.
|
||||
# Ensure p.txt exists in payload directory (using .txt instead of .ps1 in case of security countermeasures)
|
||||
#
|
||||
# Quick HID attack to retrieve and run powershell payload from BashBunny SMBServer. Possibilities are limitless!
|
||||
# Credentials captured by are stored as loot.
|
||||
# Ensure p.txt exists in payload directory (using .txt instead of .ps1 in case of security countermeasures)
|
||||
#
|
||||
# Required tools: impacket
|
||||
=======
|
||||
# Credentials captured by are stored as loot.
|
||||
# Ensure p.txt exists in payload directory (using .txt instead of .ps1 in case of security countermeasures)
|
||||
#
|
||||
# Required tools: impacket
|
||||
#
|
||||
# | Attack Stage | Description |
|
||||
# | ------------------- | ------------------------------|
|
||||
# | Stage 1 | Powershell |
|
||||
# | Stage 2 | Delivering powershell payload |
|
||||
# LEDS:
|
||||
# Magenta: Setup
|
||||
# Yellow Single Blink: Powershell
|
||||
# Yellow Double Blink: Delivering powershell payload
|
||||
# White: Clean up
|
||||
# Green: Finished
|
||||
#
|
||||
|
||||
ATTACKMODE RNDIS_ETHERNET HID
|
||||
|
||||
# SETUP
|
||||
|
|
|
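Review bot: A bare `=======` line sits in the header between two identical runs of `# Credentials captured by are stored as loot.`, `# Ensure p.txt exists in payload directory ...` and `# Required tools: impacket`, which is the residue of an unresolved merge conflict. Confirm that the separator and both duplicated runs fall on the removed side of this hunk and that no `<<<<<<<` or `>>>>>>>` marker remains elsewhere in the file. The sentence "Credentials captured by are stored as loot." is also missing a word after "by", and it is repeated in the new Description.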
@ -1,16 +1,17 @@
|
|||
# Title: BlackBackup
|
||||
# Author: JWHeuver & JBaselier
|
||||
# Version: 1.0
|
||||
#
|
||||
# Runs powershell script to get Wlan and logon credentials
|
||||
# from computer and save them on USB drive (Storage attack)
|
||||
#
|
||||
# Purple.............Loading
|
||||
# Green .............Execute Credential Ripper Powershell
|
||||
# Off................Finished
|
||||
#
|
||||
#!/bin/bash
|
||||
|
||||
# Title: BlackBackup
|
||||
# Author: JWHeuver & JBaselier
|
||||
# Version: 1.0
|
||||
# Description: Runs powershell script to get Wlan and logon credentials
|
||||
# from computer and save them on USB drive (Storage attack)
|
||||
#
|
||||
# LEDS:
|
||||
# Purple: Loading
|
||||
# Green: Execute Credential Ripper Powershell
|
||||
# Off: Finished
|
||||
#
|
||||
|
||||
# OPTIONS - More options available in the Powershell payload
|
||||
OBFUSCATECMD="N" # Y=yes or N=no
|
||||
|
||||
|
|
|
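Review bot: The rebuilt header has Title, Author, Version, Description and LEDS but no `# Targets:` or `# Attack Modes:` line, which the other headers in this commit add; the words "powershell" and "(Storage attack)" in the Description are the only hints. Add both fields. The LEDS list also keeps "Purple: Loading" where other headers in this commit rename purple to Magenta.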
@ -1,18 +1,21 @@
|
|||
#Title: FileInfoExfiltrator
|
||||
#Author: A_SarcasticGuy
|
||||
#Version: 1.0
|
||||
#Target: Windows
|
||||
#!/bin/bash
|
||||
|
||||
# Title: FileInfoExfiltrator
|
||||
# Author: A_SarcasticGuy
|
||||
# Version: 1.0
|
||||
# Attack Modes: HID, STORAGE
|
||||
# Targets: Windows
|
||||
# Description: Runs Powershell that calls a .ps1 file to scan (in all subdirectories of path provided)
|
||||
# for all files (by default starting on c:/) beginning with a #specific phrase (default "pass*")
|
||||
# to then be outputted to a text file in the loot directory, in a subfolder with the name of the
|
||||
# system and with a file name of the date and time of the scan.
|
||||
# NOTE: p.ps1 MUST be in loot/payloads/ for this to work.
|
||||
#
|
||||
#Runs Powershell that calls a .ps1 file to scan (in all subdirectories of path provided) for all files (by default starting on c:/) beginning with a #specific phrase (default "pass*") to then #be outputted to a text file in the loot directory, in a subfolder with the name of the system and with a #file name of the date and time of the scan.
|
||||
# LEDS
|
||||
# Magenta: Script Started
|
||||
# Yellow: Ducky Script Started
|
||||
# Red: Failed to run Ducky Script, see log file
|
||||
#
|
||||
# Options: Search Directory: Find in p.bat (default c:/)
|
||||
# Search criteria: Find in p.bat (default "pass*")
|
||||
#
|
||||
# Purple LED..................Script Started
|
||||
# Yellow LED..................Ducky Script Started
|
||||
# Red LED.....................Failed to run Ducky Script, see log file
|
||||
#
|
||||
# NOTE: p.ps1 MUST be in loot/payloads/ for this to work.
|
||||
#
|
||||
|
||||
LED SETUP
|
||||
|
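Review bot: The rewrapped Description still contains a stray `#` in "beginning with a #specific phrase", left over from the old single-line comment; drop it. The header also disagrees with itself about which file to edit: the NOTE says `p.ps1 MUST be in loot/payloads/` while the Options lines say "Find in p.bat". Name one file, or state what each is for.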
@ -23,29 +26,18 @@ ATTACKMODE HID STORAGE
|
|||
|
||||
if [ -f "/root/udisk/payloads/${SWITCH_POSITION}/ducky_script.txt" ]; then
|
||||
|
||||
|
||||
#Call ducky script
|
||||
LED STAGE1
|
||||
|
||||
|
||||
QUACK ${SWITCH_POSITION}/ducky_script.txt
|
||||
|
||||
|
||||
QUACK DELAY 10000
|
||||
|
||||
LED FINISH
|
||||
|
||||
else
|
||||
|
||||
|
||||
LED FAIL
|
||||
|
||||
|
||||
#Red LED if unable to load script
|
||||
echo "Unable to load ducky_script.txt" >> /root/debuglog.txt
|
||||
|
||||
|
||||
exit 1
|
||||
|
||||
|
||||
fi
|
||||
|
|
|
@ -4,9 +4,9 @@
|
|||
# Author: k1ul3ss
|
||||
# Props: audibleblink
|
||||
# Version: 1.0
|
||||
# Category: Exfiltration
|
||||
# Target: macOS
|
||||
# Attackmodes: HID, Storage
|
||||
# Targets: macOS
|
||||
# Attack Modes: HID, Storage
|
||||
# Description: Finds all PDFs in the users Home directory, and then copies them to the Bunnys storage.
|
||||
|
||||
ATTACKMODE STORAGE HID VID_0X05AC PID_0X021E
|
||||
|
||||
|
|
|
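Review bot: `# Attack Modes: HID, Storage` uses mixed case for the mode, while the command below is `ATTACKMODE STORAGE HID ...` and other headers in this commit write `HID, STORAGE`. Use the literal mode name `STORAGE`. The Description line would also read better with apostrophes: "user's Home directory", "Bunny's storage".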
@ -3,10 +3,15 @@
|
|||
# Title: Powershell Extractor
|
||||
# Author: $irLurk$alot
|
||||
# Version: 1.0
|
||||
# Target: Windows
|
||||
# Targets: Windows
|
||||
# Attack Modes: HID, STORAGE
|
||||
# Description: Executes d.cmd from the selected switch folder of the Bash Bunny USB Disk partition,
|
||||
# which in turn runs powershell script to copy move and extract data.
|
||||
#
|
||||
# Executes d.cmd from the selected switch folder of the Bash Bunny USB Disk partition,
|
||||
# which in turn runs powershell script to copy move and extract data.
|
||||
# LEDS:
|
||||
# Magenta: Setting Up
|
||||
# Yellow Blink: Executing Powershell
|
||||
# Green: Finished
|
||||
|
||||
LED SETUP
|
||||
|
||||
|
|
|
@ -2,13 +2,14 @@
|
|||
#
|
||||
# Title: sMacAndGrab
|
||||
# Author: audibleblink
|
||||
# Target: macOS
|
||||
# Targets: macOS
|
||||
# Version: 1.2
|
||||
# Attack Modes: STORAGE, HID
|
||||
# Description: Backup a list of files from macOS
|
||||
#
|
||||
# Backup a list of files from macOS
|
||||
#
|
||||
# Yellow (blinking)...Attacking
|
||||
# Green...............Finished
|
||||
# LEDS:
|
||||
# Yellow Blink: Attacking
|
||||
# Green: Finished
|
||||
|
||||
LED ATTACK
|
||||
ATTACKMODE STORAGE HID VID_0X05AC PID_0X021E
|
||||
|
|
|
@ -1,16 +1,18 @@
|
|||
#!/bin/bash
|
||||
#
|
||||
# Title: ExecutableInstaller
|
||||
# Author: IMcPwn (original)
|
||||
# Additions: SaintCrossbow (only for the parts to run SFE)
|
||||
# Version: 1.0
|
||||
# Target: Windows 7+
|
||||
#
|
||||
# Executes d.cmd from the selected switch folder of the Bash Bunny USB Disk partition,
|
||||
# which in turn executes e.cmd invisibly using i.vbs
|
||||
# which in turn copies payload.exe from the root of the Bash Bunny and then executes it
|
||||
# using the --startup parameter. Change these settings inside of e.cmd.
|
||||
# Title: SmartFileExtract
|
||||
# Author: IMcPwn
|
||||
# Props: SaintCrossbow
|
||||
# Version: 1.0
|
||||
# Targets: Windows
|
||||
# Description: Executes d.cmd from the selected switch folder of the Bash Bunny USB Disk partition,
|
||||
# which in turn executes e.cmd invisibly using i.vbs
|
||||
# which in turn copies payload.exe from the root of the Bash Bunny and then executes it
|
||||
# using the --startup parameter. Change these settings inside of e.cmd.
|
||||
#
|
||||
# LEDS:
|
||||
# Red: Attacking
|
||||
# Green: Finished
|
||||
|
||||
# Source bunny_helpers.sh to get environment variable SWITCH_POSITION
|
||||
source bunny_helpers.sh
|
||||
|
|
|
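Review bot: The Title changes from ExecutableInstaller to SmartFileExtract, but the Description is carried over unchanged and still describes copying payload.exe from the root of the Bash Bunny and running it with `--startup`. If this payload is SmartFileExtract, the Description should say what it extracts and where it writes; if it is ExecutableInstaller, the Title should not change. `# Target: Windows 7+` also becomes `# Targets: Windows`, which loses the minimum version.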
@ -1,12 +1,18 @@
|
|||
# Title: TwoStageMac
|
||||
# Description: A simple two stage payload for OSX. Sample second stage
|
||||
# does some device profiling.
|
||||
#
|
||||
# Author: Draxiom
|
||||
# Props: jdetmold
|
||||
# Version: 1.0
|
||||
# Category: Exfiltration
|
||||
# Target: OSX
|
||||
# Attack Modes: HID, STORAGE
|
||||
# LEDS:
|
||||
# Magenta - Setup
|
||||
# Yellow Blink - Attacking
|
||||
# White - Clean up
|
||||
# Green - Finished
|
||||
|
||||
LED SETUP
|
||||
ATTACKMODE HID VID_0X05AC PID_0X021E STORAGE
|
||||
|
|
|
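Review bot: The new LEDS block uses " - " as separator (`# Magenta - Setup`) where the other headers in this commit use a colon (`# Magenta: Setup`), and the field is `# Target: OSX` where the others use `# Targets: macOS`. Align both so the header block has one format across payloads.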
@ -2,16 +2,17 @@
|
|||
#
|
||||
# Title: BrowserData
|
||||
# Author: zachstanford
|
||||
# Version: 0.1 (Tested on Windows 10)
|
||||
# Version: 0.1
|
||||
# Targets: Windows
|
||||
# Attack Modes: HID, STORAGE
|
||||
# Description: Dumps browser info like history and bookmarks from powershell script
|
||||
# then saves them in /root/udisk/loot/BrowserData/%ComputerName%
|
||||
# Credits to this Empire's powershell script:
|
||||
# https://github.com/EmpireProject/Empire/blob/master/data/module_source/collection/Get-BrowserData.ps1
|
||||
#
|
||||
# Dumps browser info like history and bookmarks from powershell script
|
||||
# then saves them in /root/udisk/loot/BrowserData/%ComputerName%
|
||||
# Credits to this Empire's powershell script:
|
||||
# https://github.com/EmpireProject/Empire/blob/master/data/module_source/collection/Get-BrowserData.ps1
|
||||
|
||||
#script
|
||||
# Blue...............Running Script
|
||||
# Purple.............Finished
|
||||
# LEDS:
|
||||
# Blue: Running Script
|
||||
# Magenta: Finished
|
||||
|
||||
# Not sure if this is the right variable. Feel free to change it.
|
||||
|
||||
|
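Review bot: `# Version: 0.1 (Tested on Windows 10)` is split into `# Version: 0.1` and `# Targets: Windows`, which drops the only statement of what the payload was tested on. Keep it, for example as `# Targets: Windows (tested on Windows 10)`. The stray `#script` line in this header can go as well if it is still present after the change.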
@ -23,7 +24,6 @@ LED R SLOW
|
|||
LOOTDIR=/root/udisk/loot/BrowserData
|
||||
mkdir -p $LOOTDIR
|
||||
|
||||
|
||||
LED B SLOW
|
||||
|
||||
# wait 6 seconds for the storage to popup
|
||||
|
|
|
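Review bot: The LEDS list added to this file's header names only Blue (running) and Magenta (finished), but the hunk context here shows `LED R SLOW` ahead of the `LOOTDIR` assignment and `LED B SLOW` after it. Either document the red state in the header or switch these calls to states the header describes. `mkdir -p $LOOTDIR` would also be safer quoted as `mkdir -p "$LOOTDIR"`.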
@ -1,9 +1,14 @@
|
|||
# Dropbox Exfiltrator
|
||||
# Title: Dropbox Exfiltrator
|
||||
# Author: Hak5Darren
|
||||
# Props: jimcola99 Buchanan
|
||||
# Demo: Hak5 episode 2505
|
||||
# Target: Windows Vista+
|
||||
# Category: Exfiltration
|
||||
# Props: jimcola99, Buchanan
|
||||
# Demo: Hak5 Episode 2505
|
||||
# Targets: Windows
|
||||
# Description: Exfiltrate via DropBox
|
||||
#
|
||||
# LEDS:
|
||||
# Magenta: Setup
|
||||
# Yellow Blink: Getting Script
|
||||
# Green: Finish
|
||||
|
||||
LED SETUP
|
||||
ATTACKMODE HID
|
||||
|
|
|
@ -1,19 +1,17 @@
|
|||
#!/bin/bash
|
||||
#
|
||||
# Title: FTP Exfiltrator
|
||||
# Author: Nutt
|
||||
# Version: 1.0
|
||||
# Target: Windows
|
||||
# Title: FTP Exfiltrator
|
||||
# Author: Nutt
|
||||
# Version: 1.0
|
||||
# Targets: Windows
|
||||
# Description: Exfiltrates files from the users Documents folder FTP's all files/folders to a specified
|
||||
# FTP site named by the victim hostname. Powershell FTP script will stay running after
|
||||
# BashBunny is unpluggedonce light turns green unplug and check FTP site.
|
||||
#
|
||||
#Exfiltrates files from the users Documents folder
|
||||
#FTP's all files/folders to a specified FTP site named by the victim hostname.
|
||||
#Powershell FTP script will stay running after BashBunny is unplugged, once light turns green unplug and check FTP site.
|
||||
|
||||
#Executes 1.ps1
|
||||
|
||||
#Purple.........Setup
|
||||
#Red............Failed - Need to work on
|
||||
#Green..........Finished
|
||||
# LEDS:
|
||||
# Purple: Setup
|
||||
# Red: Failed - Need to work on
|
||||
# Green: Finished
|
||||
|
||||
LED SETUP
|
||||
GET SWITCH_POSITION
|
||||
|
|
|
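Review bot: The reflowed Description runs two sentences together in "after BashBunny is unpluggedonce light turns green unplug and check FTP site." The comment it replaces read "is unplugged, once light turns green unplug and check FTP site", so restore the comma and the space. The first sentence has the same problem ("Documents folder FTP's all files/folders"), where the old comment had a line break. The LEDS list also keeps "Purple: Setup" beside `LED SETUP`, which other headers in this commit call Magenta.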
@ -1,31 +1,22 @@
|
|||
#!/bin/bash
|
||||
#
|
||||
# Title: Optical Exfiltration
|
||||
# Author: bg-wa
|
||||
# Version: 1.0
|
||||
# Category: HID
|
||||
# Target: *NIX
|
||||
# Attackmodes: HID
|
||||
# Sources: Hak5 2320, https://github.com/bg-wa/QRExtractor
|
||||
# Title: Optical Exfiltration
|
||||
# Author: bg-wa
|
||||
# Version: 1.0
|
||||
# Targets: macOS, Linux
|
||||
# Attack Modes: HID
|
||||
# Sources: Hak5 2320, https://github.com/bg-wa/QRExtractor
|
||||
# Description: Quick HID only attack to write an HTML/JS file to target machine
|
||||
# and open a browser, to exfiltrate data Using QR Codes and a video recording device.
|
||||
# Optional html params:
|
||||
# base64: Passing a base64 string to this param will auto-start processing QR Codes.
|
||||
# playback: Passing the string "finish" to this param will auto-play the results, when QR codes finish rendering.
|
||||
# Example: Ln65: Q STRING firefox "$target_html?playback=finish&base64=my_long_string"
|
||||
#
|
||||
# Quick HID only attack to write an HTML/JS file to target machine
|
||||
# and open a browser, to exfiltrate data Using QR Codes and a video
|
||||
# recording device.
|
||||
#
|
||||
# Optional html params:
|
||||
# base64: Passing a base64 string to this param will auto-start processing QR Codes.
|
||||
#
|
||||
# playback: Passing the string "finish" to this param will auto-play the results,
|
||||
# when QR codes finish rendering.
|
||||
#
|
||||
# Example:
|
||||
# Ln65: Q STRING firefox "$target_html?playback=finish&base64=my_long_string"
|
||||
#
|
||||
# | Attack Stage | Description |
|
||||
# | ------------------- | ---------------------------------------- |
|
||||
# | SETUP | Open vi |
|
||||
# | ATTACK | Writing HTML |
|
||||
# | FINISH | Browser Ready/Processing |
|
||||
# LEDS:
|
||||
# Magenta: Open vi
|
||||
# Yellow Blink: Writing HTML
|
||||
# Green: Browser Ready/Processing
|
||||
#
|
||||
|
||||
ATTACKMODE HID
|
||||
|
|
|
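Review bot: The example in the Description pins a line number, `Ln65: Q STRING firefox "$target_html?playback=finish&base64=my_long_string"`, and this hunk shrinks the header from 31 lines to 22 (`-1,31 +1,22`), so "Ln65" no longer points at the same line. Refer to the statement itself (the `Q STRING firefox` line) instead of a line number.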
@ -1,4 +1,16 @@
|
|||
# Executes z.cmd from the switch position's folder, thus launching x.cmd silently using i.vbs
|
||||
#!/bin/bash
|
||||
#
|
||||
# Title: simple-usb-extractor
|
||||
# Version: 1.0
|
||||
# Author: danthegoodman1
|
||||
# Targets: Windows
|
||||
# Attack Modes: HID, STORAGE
|
||||
# Description: Executes z.cmd from the switch position's folder, thus launching x.cmd silently using i.vbs
|
||||
#
|
||||
# LEDS:
|
||||
# Yellow Blink - Attacking
|
||||
# Green - Finished
|
||||
|
||||
GET SWITCH_POSITION
|
||||
LED ATTACK
|
||||
ATTACKMODE HID STORAGE
|
||||
|
|
|
@ -4,47 +4,20 @@
|
|||
# Author: Hak5Darren
|
||||
# Props: ImNatho, mike111b, madbuda
|
||||
# Version: 1.1
|
||||
# Category: Exfiltration
|
||||
# Target: Windows XP SP3+ (Powershell)
|
||||
# Attackmodes: HID, Ethernet
|
||||
# Target: Windows XP
|
||||
# Attack Modes: HID, RNDIS_ETHERNET
|
||||
# Requires: Impacket Tool
|
||||
# Description: Exfiltrates select files from users's documents folder via SMB.
|
||||
# Liberated documents will reside in Bash Bunny loot directory under
|
||||
# loot/smb_exfiltrator/HOSTNAME/DATE_TIME. Exfiltration options configured from included s.ps1 script.
|
||||
#
|
||||
# CHANGELOG
|
||||
# =========
|
||||
# Rewrite of the original SMB Exfiltrator payload with:
|
||||
# - Faster copying, using robocopy multithreaded mode
|
||||
# - Faster finish, using a EXFILTRATION_COMPLETE file
|
||||
# - Offload logic to target PC for accurate date/time
|
||||
# - Clears tracks by default without second run dialog
|
||||
# - Test-Connection handling by ICMP (no lame sleeps)
|
||||
# - Hidden powershell window by default
|
||||
#
|
||||
# REQUIREMENTS
|
||||
# ============
|
||||
# Needs impacket to be copied to /tools/impacket and installed
|
||||
# Option A:
|
||||
# 1. Download impacket from https://github.com/CoreSecurity/impacket
|
||||
# 2. Copy impacket folder to /tools on the Bash Bunny flash drive
|
||||
# 3. Boot Bash Bunny into arming mode and connect to console via serial
|
||||
# 4. Issue "python /tools/impacket/setup.py install"
|
||||
# Option B:
|
||||
# 1. Download impacket deb package
|
||||
# 2. Copy impacket.deb to /tools on the Bash Bunny flash drive
|
||||
# 3. Boot Bash Bunny into arming mode. Impacket will install automatically.
|
||||
#
|
||||
# LED STATUS
|
||||
# ==========
|
||||
# FAIL........Failed to find dependencies
|
||||
# STAGE1......HID Stage
|
||||
# STAGE2......Ethernet Stage
|
||||
# SPECIAL.....Receiving Files
|
||||
# CLEANUP.....Moving Liberated Files
|
||||
# FINISH......Finished
|
||||
#
|
||||
# OPTIONS
|
||||
# =======
|
||||
# Exfiltration options configured from included s.ps1 script
|
||||
|
||||
|
||||
# LEDS:
|
||||
# Red: Failed to find dependencies
|
||||
# Yellow Single Blink: HID Stage
|
||||
# Yellow Double Blink: Ethernet Stage
|
||||
# Cyan: Receiving Files
|
||||
# White: Moving Liberated Files
|
||||
# Green: Finished
|
||||
|
||||
######## INITIALIZATION ########
|
||||
REQUIRETOOL impacket
|
||||
|
|
|
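Review bot: `# Target: Windows XP SP3+ (Powershell)` becomes `# Target: Windows XP`, which now reads as XP only and drops both the "SP3 or later" bound and the PowerShell prerequisite; keep `Windows XP SP3+`. The REQUIREMENTS block with the impacket install steps is removed while `REQUIRETOOL impacket` stays, leaving `# Requires: Impacket Tool` as the only hint. A one-line pointer to where the install steps now live would cover it.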
@ -3,14 +3,16 @@
|
|||
# Title: USB Exfiltrator
|
||||
# Author: Hak5Darren
|
||||
# Version: 1.1
|
||||
# Target: Windows XP SP3+
|
||||
# Target: Windows XP
|
||||
# Props: Diggster, IMcPwn
|
||||
# Category: Exfiltration
|
||||
#
|
||||
# Executes d.cmd from the selected switch folder of the Bash Bunny USB Disk partition,
|
||||
# which in turn executes e.cmd invisibly using i.vbs
|
||||
# which in turn copies documents to the loot folder on the Bash Bunny.
|
||||
# Description: Executes d.cmd from the selected switch folder of the Bash Bunny USB Disk partition,
|
||||
# which in turn executes e.cmd invisibly using i.vbs
|
||||
# which in turn copies documents to the loot folder on the Bash Bunny.
|
||||
#
|
||||
# LEDS:
|
||||
# Yellow Blink: Attacking
|
||||
# Green: Finished
|
||||
|
||||
GET SWITCH_POSITION
|
||||
LED ATTACK
|
||||
ATTACKMODE HID STORAGE
|
||||
|
|