* Uploaded ReverseBunny
Obfuscated reverse shell via powershell
* Uploaded WifiSnatch
Get your targets stored wifi information and credentials, store them on your Bashbunny and hop away 🐇
* Update ReverseBunny.txt
Changed payload to evade Windows Defender
* Update payload.txt
Added new "Eject Method" - props to Night(9o3)
* Update README.md
* Deleted ReverseBunny.txt
Deleted because of higher risk to get caught by AV
* Updated ReverseBunny to version 1.2
Updated ReverseBunny to version 1.2.
- Deleted payload on disk because of AV
- Added custom shell design
* Updated ReverseBunny to version 1.2
Updated README for ReverseBunny update
* Updated payload
fixed some stupid left overs <3
* Uploaded pingUinBunny
a reverse shell using icmp
* Delete payloads/library/remote_access/switch1 directory
* Uploaded pingUinBunny
A reverse shell using icmp
* Update README.md
* Update README.md
* Updated to PingZhell
* Update Bunny.pl
* Update README.md
* Update README.md
* Update payload.txt
* Rename payloads/library/remote_access/pingUinBunny/Bunny.pl to payloads/library/remote_access/PingZhellBunny/Bunny.pl
* Rename payloads/library/remote_access/pingUinBunny/PingZhell.ps1 to payloads/library/remote_access/PingZhellBunny/PingZhell.ps1
* Rename payloads/library/remote_access/pingUinBunny/README.md to payloads/library/remote_access/PingZhellBunny/README.md
* Rename payloads/library/remote_access/pingUinBunny/payload.txt to payloads/library/remote_access/PingZhellBunny/payload.txt
* Update payload.txt
* Update README.md
* Update README.md
* Update Bunny.pl
* Created ProcDumpBunny
Dump lsass.exe with a renamed version of procdump and get the users hashes with Mimikatz
* Update README.md
* Update payload.txt
* Updated ReverseBunny
Fixed wrong DELAY commands
* Updated PingZhellBunny
Fixed wrong DELAY commands
* Updated WifiSnatch
Fixed multiple mistakes
* Uploaded HashDumpBunny
Use your BashBunny to dump the user hashes of your target - similar to the msf post-module.
The script was obfuscated with multiple layers, so don't be confused.
If you don't trust this script, run it within a save testing space - which should be best practice anyways ;)
* added example picture
* Update README.md
* Uploaded SessionBunny
Utilize SessionGopher (Slightly modified) to find PuTTY, WinSCP, and Remote Desktop saved sessions. It decrypts saved passwords for WinSCP.
Extracts FileZilla, SuperPuTTY's saved session information in the sitemanager.xml file and decodes saved passwords.
Afterwards decide which is important and what you want to save onto your BashBunny.
* Uploaded SessionBunny
Utilize the famous, here slightly modified SessionGopher script, to find PuTTY, WinSCP, and Remote Desktop saved sessions. It decrypts saved passwords for WinSCP.
Extracts FileZilla, SuperPuTTY's saved session information in the sitemanager.xml file and decodes saved passwords.
Decide which inforamtion you wanna take with you - save it onto your BashBunny!
* Update README.md
* Delete SessionBunny directory
* Uploaded MiniDumpBunny
Dump lsass with this rewritten and for BashBunny adapted version of Powersploits Out-MiniDump.
* Update README.md
added disclaimer
* Update README.md
* Update README.md
* Update README.md
* Uploaded ReverseBunnySSL
* Update README.md
* Update README.md
* Update payload.txt
* Update README.md
* Uploaded ReverseBunny
Obfuscated reverse shell via powershell
* Uploaded WifiSnatch
Get your targets stored wifi information and credentials, store them on your Bashbunny and hop away 🐇
* Update ReverseBunny.txt
Changed payload to evade Windows Defender
* Update payload.txt
Added new "Eject Method" - props to Night(9o3)
* Update README.md
* Deleted ReverseBunny.txt
Deleted because of higher risk to get caught by AV
* Updated ReverseBunny to version 1.2
Updated ReverseBunny to version 1.2.
- Deleted payload on disk because of AV
- Added custom shell design
* Updated ReverseBunny to version 1.2
Updated README for ReverseBunny update
* Updated payload
fixed some stupid left overs <3
* Uploaded pingUinBunny
a reverse shell using icmp
* Delete payloads/library/remote_access/switch1 directory
* Uploaded pingUinBunny
A reverse shell using icmp
* Update README.md
* Update README.md
* Updated to PingZhell
* Update Bunny.pl
* Update README.md
* Update README.md
* Update payload.txt
* Rename payloads/library/remote_access/pingUinBunny/Bunny.pl to payloads/library/remote_access/PingZhellBunny/Bunny.pl
* Rename payloads/library/remote_access/pingUinBunny/PingZhell.ps1 to payloads/library/remote_access/PingZhellBunny/PingZhell.ps1
* Rename payloads/library/remote_access/pingUinBunny/README.md to payloads/library/remote_access/PingZhellBunny/README.md
* Rename payloads/library/remote_access/pingUinBunny/payload.txt to payloads/library/remote_access/PingZhellBunny/payload.txt
* Update payload.txt
* Update README.md
* Update README.md
* Update Bunny.pl
* Created ProcDumpBunny
Dump lsass.exe with a renamed version of procdump and get the users hashes with Mimikatz
* Update README.md
* Update payload.txt
* Updated ReverseBunny
Fixed wrong DELAY commands
* Updated PingZhellBunny
Fixed wrong DELAY commands
* Updated WifiSnatch
Fixed multiple mistakes
* Uploaded HashDumpBunny
Use your BashBunny to dump the user hashes of your target - similar to the msf post-module.
The script was obfuscated with multiple layers, so don't be confused.
If you don't trust this script, run it within a save testing space - which should be best practice anyways ;)
* added example picture
* Update README.md
* Uploaded SessionBunny
Utilize SessionGopher (Slightly modified) to find PuTTY, WinSCP, and Remote Desktop saved sessions. It decrypts saved passwords for WinSCP.
Extracts FileZilla, SuperPuTTY's saved session information in the sitemanager.xml file and decodes saved passwords.
Afterwards decide which is important and what you want to save onto your BashBunny.
* Uploaded SessionBunny
Utilize the famous, here slightly modified SessionGopher script, to find PuTTY, WinSCP, and Remote Desktop saved sessions. It decrypts saved passwords for WinSCP.
Extracts FileZilla, SuperPuTTY's saved session information in the sitemanager.xml file and decodes saved passwords.
Decide which inforamtion you wanna take with you - save it onto your BashBunny!
* Update README.md
* Delete SessionBunny directory
* Uploaded MiniDumpBunny
Dump lsass with this rewritten and for BashBunny adapted version of Powersploits Out-MiniDump.
* Update README.md
added disclaimer
* Update README.md
* Update README.md
* Update README.md
* Uploaded ReverseBunny
Obfuscated reverse shell via powershell
* Uploaded WifiSnatch
Get your targets stored wifi information and credentials, store them on your Bashbunny and hop away 🐇
* Update ReverseBunny.txt
Changed payload to evade Windows Defender
* Update payload.txt
Added new "Eject Method" - props to Night(9o3)
* Update README.md
* Deleted ReverseBunny.txt
Deleted because of higher risk to get caught by AV
* Updated ReverseBunny to version 1.2
Updated ReverseBunny to version 1.2.
- Deleted payload on disk because of AV
- Added custom shell design
* Updated ReverseBunny to version 1.2
Updated README for ReverseBunny update
* Updated payload
fixed some stupid left overs <3
* Uploaded pingUinBunny
a reverse shell using icmp
* Delete payloads/library/remote_access/switch1 directory
* Uploaded pingUinBunny
A reverse shell using icmp
* Update README.md
* Update README.md
* Updated to PingZhell
* Update Bunny.pl
* Update README.md
* Update README.md
* Update payload.txt
* Rename payloads/library/remote_access/pingUinBunny/Bunny.pl to payloads/library/remote_access/PingZhellBunny/Bunny.pl
* Rename payloads/library/remote_access/pingUinBunny/PingZhell.ps1 to payloads/library/remote_access/PingZhellBunny/PingZhell.ps1
* Rename payloads/library/remote_access/pingUinBunny/README.md to payloads/library/remote_access/PingZhellBunny/README.md
* Rename payloads/library/remote_access/pingUinBunny/payload.txt to payloads/library/remote_access/PingZhellBunny/payload.txt
* Update payload.txt
* Update README.md
* Update README.md
* Update Bunny.pl
* Created ProcDumpBunny
Dump lsass.exe with a renamed version of procdump and get the users hashes with Mimikatz
* Update README.md
* Update payload.txt
* Updated ReverseBunny
Fixed wrong DELAY commands
* Updated PingZhellBunny
Fixed wrong DELAY commands
* Updated WifiSnatch
Fixed multiple mistakes
* Uploaded HashDumpBunny
Use your BashBunny to dump the user hashes of your target - similar to the msf post-module.
The script was obfuscated with multiple layers, so don't be confused.
If you don't trust this script, run it within a save testing space - which should be best practice anyways ;)
* added example picture
* Update README.md
* Uploaded SessionBunny
Utilize SessionGopher (Slightly modified) to find PuTTY, WinSCP, and Remote Desktop saved sessions. It decrypts saved passwords for WinSCP.
Extracts FileZilla, SuperPuTTY's saved session information in the sitemanager.xml file and decodes saved passwords.
Afterwards decide which is important and what you want to save onto your BashBunny.
* Uploaded SessionBunny
Utilize the famous, here slightly modified SessionGopher script, to find PuTTY, WinSCP, and Remote Desktop saved sessions. It decrypts saved passwords for WinSCP.
Extracts FileZilla, SuperPuTTY's saved session information in the sitemanager.xml file and decodes saved passwords.
Decide which inforamtion you wanna take with you - save it onto your BashBunny!
* Update README.md
* Delete SessionBunny directory
* Uploaded MiniDumpBunny
Dump lsass with this rewritten and for BashBunny adapted version of Powersploits Out-MiniDump.
* Update README.md
added disclaimer
* Update README.md
* Update README.md
* uploading bunnyDOS
bunnyDOS payload intelligently search target's network for open http(configurable for https) ports and performs DOS on it.
* Delete payload.txt
* Add files via upload
* uploaded dirtypipe
Exploit for a new Linux vulnerability known as 'Dirty Pipe(CVE-2022-0847)' allows local users to gain root privileges.
* exploit
* Create README.md
* fixing typo
* Uploaded ReverseBunny
Obfuscated reverse shell via powershell
* Uploaded WifiSnatch
Get your targets stored wifi information and credentials, store them on your Bashbunny and hop away 🐇
* Update ReverseBunny.txt
Changed payload to evade Windows Defender
* Update payload.txt
Added new "Eject Method" - props to Night(9o3)
* Update README.md
* Deleted ReverseBunny.txt
Deleted because of higher risk to get caught by AV
* Updated ReverseBunny to version 1.2
Updated ReverseBunny to version 1.2.
- Deleted payload on disk because of AV
- Added custom shell design
* Updated ReverseBunny to version 1.2
Updated README for ReverseBunny update
* Updated payload
fixed some stupid left overs <3
* Uploaded pingUinBunny
a reverse shell using icmp
* Delete payloads/library/remote_access/switch1 directory
* Uploaded pingUinBunny
A reverse shell using icmp
* Update README.md
* Update README.md
* Updated to PingZhell
* Update Bunny.pl
* Update README.md
* Update README.md
* Update payload.txt
* Rename payloads/library/remote_access/pingUinBunny/Bunny.pl to payloads/library/remote_access/PingZhellBunny/Bunny.pl
* Rename payloads/library/remote_access/pingUinBunny/PingZhell.ps1 to payloads/library/remote_access/PingZhellBunny/PingZhell.ps1
* Rename payloads/library/remote_access/pingUinBunny/README.md to payloads/library/remote_access/PingZhellBunny/README.md
* Rename payloads/library/remote_access/pingUinBunny/payload.txt to payloads/library/remote_access/PingZhellBunny/payload.txt
* Update payload.txt
* Update README.md
* Update README.md
* Update Bunny.pl
* Created ProcDumpBunny
Dump lsass.exe with a renamed version of procdump and get the users hashes with Mimikatz
* Update README.md
* Update payload.txt
* Updated ReverseBunny
Fixed wrong DELAY commands
* Updated PingZhellBunny
Fixed wrong DELAY commands
* Updated WifiSnatch
Fixed multiple mistakes
* Uploaded HashDumpBunny
Use your BashBunny to dump the user hashes of your target - similar to the msf post-module.
The script was obfuscated with multiple layers, so don't be confused.
If you don't trust this script, run it within a save testing space - which should be best practice anyways ;)
* added example picture
* Update README.md
* Uploaded SessionBunny
Utilize SessionGopher (Slightly modified) to find PuTTY, WinSCP, and Remote Desktop saved sessions. It decrypts saved passwords for WinSCP.
Extracts FileZilla, SuperPuTTY's saved session information in the sitemanager.xml file and decodes saved passwords.
Afterwards decide which is important and what you want to save onto your BashBunny.
* Uploaded SessionBunny
Utilize the famous, here slightly modified SessionGopher script, to find PuTTY, WinSCP, and Remote Desktop saved sessions. It decrypts saved passwords for WinSCP.
Extracts FileZilla, SuperPuTTY's saved session information in the sitemanager.xml file and decodes saved passwords.
Decide which inforamtion you wanna take with you - save it onto your BashBunny!
* Update README.md
* Delete SessionBunny directory
* Uploaded MiniDumpBunny
Dump lsass with this rewritten and for BashBunny adapted version of Powersploits Out-MiniDump.
* Uploaded ReverseBunny
Obfuscated reverse shell via powershell
* Uploaded WifiSnatch
Get your targets stored wifi information and credentials, store them on your Bashbunny and hop away 🐇
* Update ReverseBunny.txt
Changed payload to evade Windows Defender
* Update payload.txt
Added new "Eject Method" - props to Night(9o3)
* Update README.md
* Deleted ReverseBunny.txt
Deleted because of higher risk to get caught by AV
* Updated ReverseBunny to version 1.2
Updated ReverseBunny to version 1.2.
- Deleted payload on disk because of AV
- Added custom shell design
* Updated ReverseBunny to version 1.2
Updated README for ReverseBunny update
* Updated payload
fixed some stupid left overs <3
* Uploaded pingUinBunny
a reverse shell using icmp
* Delete payloads/library/remote_access/switch1 directory
* Uploaded pingUinBunny
A reverse shell using icmp
* Update README.md
* Update README.md
* Updated to PingZhell
* Update Bunny.pl
* Update README.md
* Update README.md
* Update payload.txt
* Rename payloads/library/remote_access/pingUinBunny/Bunny.pl to payloads/library/remote_access/PingZhellBunny/Bunny.pl
* Rename payloads/library/remote_access/pingUinBunny/PingZhell.ps1 to payloads/library/remote_access/PingZhellBunny/PingZhell.ps1
* Rename payloads/library/remote_access/pingUinBunny/README.md to payloads/library/remote_access/PingZhellBunny/README.md
* Rename payloads/library/remote_access/pingUinBunny/payload.txt to payloads/library/remote_access/PingZhellBunny/payload.txt
* Update payload.txt
* Update README.md
* Update README.md
* Update Bunny.pl
* Created ProcDumpBunny
Dump lsass.exe with a renamed version of procdump and get the users hashes with Mimikatz
* Update README.md
* Update payload.txt
* Updated ReverseBunny
Fixed wrong DELAY commands
* Updated PingZhellBunny
Fixed wrong DELAY commands
* Updated WifiSnatch
Fixed multiple mistakes
* Uploaded HashDumpBunny
Use your BashBunny to dump the user hashes of your target - similar to the msf post-module.
The script was obfuscated with multiple layers, so don't be confused.
If you don't trust this script, run it within a save testing space - which should be best practice anyways ;)
* added example picture
* Update README.md
* Uploaded SessionBunny
Utilize SessionGopher (Slightly modified) to find PuTTY, WinSCP, and Remote Desktop saved sessions. It decrypts saved passwords for WinSCP.
Extracts FileZilla, SuperPuTTY's saved session information in the sitemanager.xml file and decodes saved passwords.
Afterwards decide which is important and what you want to save onto your BashBunny.
* Uploaded SessionBunny
Utilize the famous, here slightly modified SessionGopher script, to find PuTTY, WinSCP, and Remote Desktop saved sessions. It decrypts saved passwords for WinSCP.
Extracts FileZilla, SuperPuTTY's saved session information in the sitemanager.xml file and decodes saved passwords.
Decide which inforamtion you wanna take with you - save it onto your BashBunny!
* Update README.md
* Delete SessionBunny directory
1) Adds a user account.
2) Adds this local user to local administrator group.
3) If the target computer is equipped with a compatible Wi-Fi card :
Avoids security measures on the internal network with the
creation of a wireless "Hosted Network".
4) Enables "Windows Remote Management" with default settings.
5) Adds a rule to the firewall.
6) Sets a value to "LocalAccountTokenFilterPolicy" to disable "UAC" remote restrictions.
7) Hides user account.
1) Adds a user account.
2) Adds this local user to local administrator group.
3) If the target computer is equipped with a compatible Wi-Fi card :
Avoids security measures on the internal network with the
creation of a wireless "Hosted Network".
4) Shares "C:\" directory.
5) Adds a rule to the firewall.
6) Sets a value to "LocalAccountTokenFilterPolicy" to access the "C:" with a local account.
7) Hides user account.
* Uploaded ReverseBunny
Obfuscated reverse shell via powershell
* Uploaded WifiSnatch
Get your targets stored wifi information and credentials, store them on your Bashbunny and hop away 🐇
* Update ReverseBunny.txt
Changed payload to evade Windows Defender
* Update payload.txt
Added new "Eject Method" - props to Night(9o3)
* Update README.md
* Deleted ReverseBunny.txt
Deleted because of higher risk to get caught by AV
* Updated ReverseBunny to version 1.2
Updated ReverseBunny to version 1.2.
- Deleted payload on disk because of AV
- Added custom shell design
* Updated ReverseBunny to version 1.2
Updated README for ReverseBunny update
* Updated payload
fixed some stupid left overs <3
* Uploaded pingUinBunny
a reverse shell using icmp
* Delete payloads/library/remote_access/switch1 directory
* Uploaded pingUinBunny
A reverse shell using icmp
* Update README.md
* Update README.md
* Updated to PingZhell
* Update Bunny.pl
* Update README.md
* Update README.md
* Update payload.txt
* Rename payloads/library/remote_access/pingUinBunny/Bunny.pl to payloads/library/remote_access/PingZhellBunny/Bunny.pl
* Rename payloads/library/remote_access/pingUinBunny/PingZhell.ps1 to payloads/library/remote_access/PingZhellBunny/PingZhell.ps1
* Rename payloads/library/remote_access/pingUinBunny/README.md to payloads/library/remote_access/PingZhellBunny/README.md
* Rename payloads/library/remote_access/pingUinBunny/payload.txt to payloads/library/remote_access/PingZhellBunny/payload.txt
* Update payload.txt
* Update README.md
* Update README.md
* Update Bunny.pl
* Created ProcDumpBunny
Dump lsass.exe with a renamed version of procdump and get the users hashes with Mimikatz
* Update README.md
* Update payload.txt
* Updated ReverseBunny
Fixed wrong DELAY commands
* Updated PingZhellBunny
Fixed wrong DELAY commands
* Updated WifiSnatch
Fixed multiple mistakes
* Uploaded HashDumpBunny
Use your BashBunny to dump the user hashes of your target - similar to the msf post-module.
The script was obfuscated with multiple layers, so don't be confused.
If you don't trust this script, run it within a save testing space - which should be best practice anyways ;)
* added example picture
* Update README.md
* Add "PwnKit Vulnerability" - LPE
The Qualys Research Team has discovered a memory corruption
vulnerability in polkit’s pkexec, a SUID-root program that
is installed by default on every major Linux distribution.
* Add Credits to README.MD
* pwnkit: Move to shorter directory name
* pwnkit: Add compiled version
* pwnkit: Copy built binaries instead of compiling
* make it executable
* add credits
Co-authored-by: Marc <foxtrot@malloc.me>
* Uploaded ReverseBunny
Obfuscated reverse shell via powershell
* Uploaded WifiSnatch
Get your targets stored wifi information and credentials, store them on your Bashbunny and hop away 🐇
* Update ReverseBunny.txt
Changed payload to evade Windows Defender
* Update payload.txt
Added new "Eject Method" - props to Night(9o3)
* Update README.md
* Deleted ReverseBunny.txt
Deleted because of higher risk to get caught by AV
* Updated ReverseBunny to version 1.2
Updated ReverseBunny to version 1.2.
- Deleted payload on disk because of AV
- Added custom shell design
* Updated ReverseBunny to version 1.2
Updated README for ReverseBunny update
* Updated payload
fixed some stupid left overs <3
* Uploaded pingUinBunny
a reverse shell using icmp
* Delete payloads/library/remote_access/switch1 directory
* Uploaded pingUinBunny
A reverse shell using icmp
* Update README.md
* Update README.md
* Updated to PingZhell
* Update Bunny.pl
* Update README.md
* Update README.md
* Update payload.txt
* Rename payloads/library/remote_access/pingUinBunny/Bunny.pl to payloads/library/remote_access/PingZhellBunny/Bunny.pl
* Rename payloads/library/remote_access/pingUinBunny/PingZhell.ps1 to payloads/library/remote_access/PingZhellBunny/PingZhell.ps1
* Rename payloads/library/remote_access/pingUinBunny/README.md to payloads/library/remote_access/PingZhellBunny/README.md
* Rename payloads/library/remote_access/pingUinBunny/payload.txt to payloads/library/remote_access/PingZhellBunny/payload.txt
* Update payload.txt
* Update README.md
* Update README.md
* Update Bunny.pl
* Created ProcDumpBunny
Dump lsass.exe with a renamed version of procdump and get the users hashes with Mimikatz
* Update README.md
* Update payload.txt
* Desktop Flooder
downloads an image from a link and saves it, then copies the images all over the desktop.
* Update README.md
* Update README.md
* Update README.md
* Update payload.txt
* Add Win_SSLKeyLog
Captures the client network session.
Captures the client side session keys.
1) Partially avoids "PowerShell Script Block Logging".
2) Closing of all windows.
3) Hide "PowerShell" window.
4) Check if current process have "Administrator" privilege.
5) Sets the "SSLKEYLOGFILE" environment variable to store SSL session key information.
6) Starts a "Network Tracing Session" with "ETW (Event Tracing for Windows)".
7) Writes the file system cache to disk (thanks to @dark_pyrro).
8) Safely eject (thanks to @Night (9o3)).
* Correction of some information in "README.md"
1) Change "monitor-timeout (AC and DC)" at NEVER with "powercfg" utility.
2) Change "standby-timeout (AC and DC)" at NEVER with "powercfg" utility.
3) Retrieve the current username.
4) Full-screen opening of the phishing HTML page using the default web browser with a random wallpaper.
5) The "Bash Bunny" can be removed because the files are cached in the web browser.
6) The password will be sent by HTTP POST to the URL specified in the "DROP_URL" constant.
* Uploaded ReverseBunny
Obfuscated reverse shell via powershell
* Uploaded WifiSnatch
Get your targets stored wifi information and credentials, store them on your Bashbunny and hop away 🐇
* Update ReverseBunny.txt
Changed payload to evade Windows Defender
* Update payload.txt
Added new "Eject Method" - props to Night(9o3)
* Update README.md
* Deleted ReverseBunny.txt
Deleted because of higher risk to get caught by AV
* Updated ReverseBunny to version 1.2
Updated ReverseBunny to version 1.2.
- Deleted payload on disk because of AV
- Added custom shell design
* Updated ReverseBunny to version 1.2
Updated README for ReverseBunny update
* Updated payload
fixed some stupid left overs <3
* Uploaded pingUinBunny
a reverse shell using icmp
* Delete payloads/library/remote_access/switch1 directory
* Uploaded pingUinBunny
A reverse shell using icmp
* Update README.md
* Update README.md
* Updated to PingZhell
* Update Bunny.pl
* Update README.md
* Update README.md
* Update payload.txt
* Rename payloads/library/remote_access/pingUinBunny/Bunny.pl to payloads/library/remote_access/PingZhellBunny/Bunny.pl
* Rename payloads/library/remote_access/pingUinBunny/PingZhell.ps1 to payloads/library/remote_access/PingZhellBunny/PingZhell.ps1
* Rename payloads/library/remote_access/pingUinBunny/README.md to payloads/library/remote_access/PingZhellBunny/README.md
* Rename payloads/library/remote_access/pingUinBunny/payload.txt to payloads/library/remote_access/PingZhellBunny/payload.txt
* Update payload.txt
* Update README.md
* Update README.md
* Update Bunny.pl
* Add files via upload
* Update readme.md
* Update readme.md
* Update payload.txt
* Update readme.md
* fix rebase errors
* Fix for rebase
* Fix for fewer details
* Extensions: Add wait_for BTLE extensions
* Quick and Dirty PrintNightmare Payload (#432)
* New Payload
Added new PrintNightmare Payload (Quick and dirty)
* Fixed my potty mouth
I'm a child sometimes
* Renamed Payload
* PrintNightmare: Use SWITCH_POSITION in payload path
* Fixing a typo
Co-authored-by: Marc <foxtrot@malloc.me>
* Bugfix (#433)
* New Payload
Added new PrintNightmare Payload (Quick and dirty)
* Fixed my potty mouth
I'm a child sometimes
* Renamed Payload
* PrintNightmare: Use SWITCH_POSITION in payload path
* Fixing a typo
* Added Delays
Added some delays due to the fact that it was inconsistently reliable, occasionally it'd half type out the command. The delays have resolved the consistency issue on my end. Feel free to tweak as required.
* Amending Version Number
I'm a fool
* Updated Readme with proper credit
Co-authored-by: Marc <foxtrot@malloc.me>
* General Imrovements to PrintNightmare (#434)
* Housekeeping
Moved some of the QUACK Powershell commands into the juicybit.txt file for speed and ease of use.
* Update README.md
* More improvement
Added exit to the juicybits rather than using alt and /noprofile to the run as
* Update README.md
Co-authored-by: Marc <foxtrot@realloc.me>
* New Payload - Excel QR Rickroll
Co-authored-by: Marc <foxtrot@malloc.me>
Co-authored-by: panicacid <steve@pcquicktips.net>
Co-authored-by: Marc <foxtrot@realloc.me>
Uses the "SanDisk Wireless Stick" for files exfiltration.
1) Avoids "PowerShell Script Block Logging".
2) Hide "PowerShell" window.
3) Deletes Wi-Fi connection profiles in automatic mode, each deletion causes a disconnection.
4) Adds the profile for the "SanDisk Connect Wireless Stick" in automatic mode.
5) Checks whether the Wi-Fi interface is connected to the "SanDisk" and whether the gateway can be reached, if not, automatically starts again.
6) Exfiltration of the files via the HTTP channel.
* Exfiltrate using Windows utility SmartFileExtract
Script to find all files that a) have filenames with the word "pass" or "secret" in them or b) are standard .DOC files and copy them to loot. SmartFileExtract is used to kill the copy after 500 MBs and / or 90 seconds and will display the copy status using a fake install window.
Dependencies:
Binary (SmartFileExtract.exe) from https://github.com/saintcrossbow/SmartFileExtract
* New Exfiltration: Smart Data Thief
Timed exfiltration attack targeting high value data and WiFi creds. Highly configurable to start / stop attack using BLE beacons, create distraction when aborting attack, and full shutdown for removal after attack complete.
* Revolver BLE controlled multi-attack
New payload: Revolver - a multi option attack controlled by BLE beacons. Plug in Bash Bunny and choose your attack based on what you need in the field.
* Bluetooth2
Bluetooth2 is a program that can use multiple triggers instead of waiting for just one and run different things depending on that trigger. Anyone willing to update it would be appreciated as it probably looks... not great.
* Update payload.txt
* Update payload.txt
* Update README.md
* Uploaded ReverseBunny
Obfuscated reverse shell via powershell
* Uploaded WifiSnatch
Get your targets stored wifi information and credentials, store them on your Bashbunny and hop away 🐇
* Update ReverseBunny.txt
Changed payload to evade Windows Defender
* Update payload.txt
Added new "Eject Method" - props to Night(9o3)
* Update README.md
* Deleted ReverseBunny.txt
Deleted because of higher risk to get caught by AV
* Updated ReverseBunny to version 1.2
Updated ReverseBunny to version 1.2.
- Deleted payload on disk because of AV
- Added custom shell design
* Updated ReverseBunny to version 1.2
Updated README for ReverseBunny update
* Updated payload
fixed some stupid left overs <3
* Uploaded ReverseBunny
Obfuscated reverse shell via powershell
* Uploaded WifiSnatch
Get your targets stored wifi information and credentials, store them on your Bashbunny and hop away 🐇
* Update ReverseBunny.txt
Changed payload to evade Windows Defender
* Update payload.txt
Added new "Eject Method" - props to Night(9o3)
* Update README.md
* USB Exfiltration Payload with Win10 Fake Update
This Payload exfiltrates defined files to the Bunny. While copying is in progress, it shows a Fake Win10 Update Screen and removes traces. When it's ready, the target machine is forced to reboot.
* Correction for the Key injection F11
* Create test
* Delete payloads/library/USB_Exfil_with_Fake_Update _and_force-reboot directory
* Create tst
* Add files via upload
* Delete tst
* Delete payloads/library/exfiltration/USB Exfil with Fake Update and force reboot directory
* Uploaded ReverseBunny
Obfuscated reverse shell via powershell
* Uploaded WifiSnatch
Get your targets stored wifi information and credentials, store them on your Bashbunny and hop away 🐇
* New Payload
Added new PrintNightmare Payload (Quick and dirty)
* Fixed my potty mouth
I'm a child sometimes
* Renamed Payload
* PrintNightmare: Use SWITCH_POSITION in payload path
* Fixing a typo
* Added Delays
Added some delays due to the fact that it was inconsistently reliable, occasionally it'd half type out the command. The delays have resolved the consistency issue on my end. Feel free to tweak as required.
* Amending Version Number
I'm a fool
* Updated Readme with proper credit
* Housekeeping
Moved some of the QUACK Powershell commands into the juicybit.txt file for speed and ease of use.
* Update README.md
* More improvement
Added exit to the juicybits rather than using alt and /noprofile to the run as
* Update README.md
* Pineapple-Connect-Windows New Payload For Connecting Client To Pineapple AP / Any AP
Pineapple-Connect-Windows new Bashbunny payload for connecting target machine quickly and efficiently to your Pineapple AP or an AP of your choosing (and control!)
* Changed from RUN WIN to QUACK STRING
Changed from RUN WIN to QUACK STRING as I was having issues with the formatting, presume it needs wrapping in quotes or something but it just kept breaking. QUACK STRING works fine so meh
* Added command to cover traks at the end of the script
added a line of powershell to clean out the run registry key to hide any evidence of the script running
Co-authored-by: Marc <foxtrot@malloc.me>
Co-authored-by: Marc <foxtrot@realloc.me>
Exploit Razer USA HID driver installation to System authority PowerShell.
This is heavily based on Tweet by @_MG_ on 22nd Aug 2021 but modified to work with BashBunny
* Delete stage3.ps1
* Update ATNT to work as intended.
Update ATNT to work as intended. Requires reboot or logoff to fully register AT.
* Remove DONE file in cleanup.
Forgot to remove DONE file. Now also makes sure this file does not exist before running.
Disable "PowerShell" logging
Check if current process have "Administrator" privilege
Check "SeDebugPrivilege" policy
Retrieves the processes belonging to the "SYSTEM" account
For each system PID, test to obtain the "SYSTEM" account via the parent process
* Housekeeping
Moved some of the QUACK Powershell commands into the juicybit.txt file for speed and ease of use.
* Update README.md
* More improvement
Added exit to the juicybits rather than using alt and /noprofile to the run as
* Update README.md
Co-authored-by: Marc <foxtrot@realloc.me>
* New Payload
Added new PrintNightmare Payload (Quick and dirty)
* Fixed my potty mouth
I'm a child sometimes
* Renamed Payload
* PrintNightmare: Use SWITCH_POSITION in payload path
* Fixing a typo
* Added Delays
Added some delays due to the fact that it was inconsistently reliable, occasionally it'd half type out the command. The delays have resolved the consistency issue on my end. Feel free to tweak as required.
* Amending Version Number
I'm a fool
* Updated Readme with proper credit
Co-authored-by: Marc <foxtrot@malloc.me>
* New Payload
Added new PrintNightmare Payload (Quick and dirty)
* Fixed my potty mouth
I'm a child sometimes
* Renamed Payload
* PrintNightmare: Use SWITCH_POSITION in payload path
* Fixing a typo
Co-authored-by: Marc <foxtrot@malloc.me>
* Added files
The payload.txt and the README.md have been added to the project!
* Updated Readme
The Readme file has been updatet.
* Added development status
The development status entry has been added to the list.
* Added header.
A header containing important information has been added.
* Made a joke
A joke has been made out of the Tested: No
* Completed InfoBox and added Configuring
The InfoBox is now a real box, and the Configuring section that is currently empty has been added.
* Added DUCKY_LANG notice.
In the configuration header, the sentence "You are required to change the DUCKY_LANG." has been added.
* Various changes.
Following changes have been made:
Removed the "Tested joke"
Setting the LED
Setting the Attackmode
Added configurationstuff
Added Setting up
Added the actual shutting down
* Changed development status.
The development status has been changed to "Actually quite done".
* Changed development status
* Added quality notice.
The standard notice for Emilius123 payloads "Emilius123 payloads. Quality made in Notepad since 2019." has been added.
* Changed category
The category has been changed from "Prank" to "Prank and Troll".
* Changed version
In the files README.md and payload.txt, the Version label has changed to
version 1.0
* Changed development status.
The development status has been changed from "Actually quite done" to
"1.0 done"
* Changed Status at FINISH LED
* Quality notice is now cursive
The quality notice is now in a cursive font.
* Added notice
The notice "Please give feedback in the Forum topic." has been added and surrounded nicely.
* Update README.md
* Forum topic is now cursive
* Added pull request
The sentence "Please give Feedback in the Forum topic." has been changed to "Please give Feedback in the Forum Topic and check out the Pull request.
* Update README.md
* Update README.md
* Added additional information.
To the README and the payload, the Description, Attackmode and used
Extensions have been added.
* Removed lines
* Removed empty lines
I really missed the BB's original variable "$SWITCH_POSITION" since in my testing BB's payload I'm maintaining it in my code as:
ORIGINAL_SWITCH="/root/udisk/payloads/$SWITCH_POSITION"
Thanks to @catatonicprime for offering the fix for this issue.
Sometimes the host name is the same as the username so we will add it to the username and the password wordlists automatically to be used during the brute force attack.
* Adding Jackalope, a Bunny+Metasploit chimera project.
* Fixing inaccurate documentation.
* Generate the password entry payload on the alternate switch.
* Additional documentation concerning alternate payload mechanism.
* Branding
* Update readme.md
* rearchitecting payload to be independent. No longer overwrites alternate payload location. Uses WAIT interface to interact with the tester to reuse a password, clear the password, and re-attack the machine.
* Response to Hak5 2506
* A random 'e' ended up on line 58.
Line is blank now like it is supposed to be.
* Created readme
STAGE2 made more sense when it was STAGE1/STAGE2, but the transcoding is a special stage and the typing is stage 2 since the transcoding had to be done first.
Some more shortening. Only 183 characters!
powershell -w h "$p=$home+'\b.jpg';iwr h4k.cc/b.jpg -O $p;SP 'HKCU:Control Panel\Desktop' WallPaper $p;1..59|%{RUNDLL32.EXE USER32.DLL,UpdatePerUserSystemParameters ,1 ,True;sleep 1}"
* Omit http:// from URI
* powershell -w h to start a hidden powershell windows
* set variable $p for later re-use (saves characters)
* Omit -Uri and redundant characters in -Outfile (-O)
switches
* 1..59|% to create a loop for 60 seconds
* use $home as directory
Gets COM& Serial Device PID&VID if doing a walk about and want to collect info on HID/PID&VID + MI for future use. just a thought
#Get - Com & Serial Devices
$COMDevices = Get-Wmiobject Win32_USBControllerDevice | ForEach-Object{[Wmi]($_.Dependent)} | Select-Object Name, DeviceID, Manufacturer | Sort-Object -Descending Name | Format-Table
"COM & SERIAL DEVICES"
"==================================================================" + ($COMDevices | Out-String)
""
Removes all Variables created during the session. I noticed my version of PS was storing them between simulated attacks. so removing them entirely was my resolve.
Remove-Variable -Name computerPubIP,
computerIP,IsDHCPEnabled,Network,Networks,
computerMAC,computerSystem,computerBIOS,computerOs,
computerCpu, computerMainboard,computerRamCapacity,
computerRam,driveType,Hdds,RDP,WLANProfileNames,WLANProfileName,
Output,WLANProfileObjects,WLANProfilePassword,WLANProfileObject,luser,
process,listener,listenerItem,process,service,software,drivers,videocard,
vault -ErrorAction SilentlyContinue -Force
- Clean up traces
- Bugfixes on newer firmware
- Improved documentation
- Fake hardware identifier
- Added persistence via autostart
- Disconnect on end
I-Am-Jakoby
0iphor13
drapl0n
KarrotKak3
cribb-it
Whiskey Xray
Bearz314
TW-D
Marc
JustaProgrammer9
Jake Wimmer
StaDo0815
Overtime
saintcrossbow
scaery
Hacksawfred3232
xhico
HackingMark
panicacid
9o3
emptyhen
Darren Kitchen
Marc
Ian Costa
Alex
Darkprince
root
theofandato
DavidHaintz
kuyaya
Emil Albrecht
Mike Galvin
jblk01
Mohamed A. Baset
Marc
WWVB
Catatonic
TheDragonkeeper
TheDragonkeeper
WWVB
G4te-Keep3r
Rosius Yves
0rion
Eric Briese
TheG3ntl3man
Mathew Fleisch
metalkey
Zappus
golem445
root
James Cullum (Pseudonym)
bg-wa
Tudor Gheorghiu
Alex Flores
bg-wa
KeenanV
c64whiz
Jonathan Debétaz
Thorsten Sick
danthegoodman1