Commit Graph

580 Commits (master)

Author SHA1 Message Date
jblk01 5bc8160946
Add files via upload 2019-07-22 23:45:41 -05:00
jblk01 e98de70531
Create file.txt 2019-07-22 23:44:48 -05:00
Marc d67b95a220
Merge pull request #383 from SymbianSyMoh/master
Yet another but FASTER SMB Bruteforce payload for Bash Bunny
2019-07-12 01:11:16 +00:00
Mohamed A. Baset d36f90f26c
Update payload.txt 2019-07-11 19:33:28 -05:00
Mohamed A. Baset e889c414d5
Update payload.txt
Adding the payload header!
2019-07-11 17:58:20 -05:00
Mohamed A. Baset d387f4e185
Update payload.txt
Require tool "impacket"
2019-07-11 17:09:39 -05:00
Marc 08a71de1d8
Merge pull request #389 from hak5/jackalope-patch
Update Jackalope to remove references to RVM.
2019-07-10 21:26:02 +00:00
Marc 81dd9531bf
Jackalope: Fix typo in REQUIRETOOL function call. 2019-07-09 21:38:02 +01:00
Marc 9a6d515add
Jackalope: Un-comment REQUIRE_TOOL.
Starting with 1.6, a Metasploit tools package will be available.
2019-07-04 00:10:24 +01:00
Marc 947b08fc0f
Update Jackalope to remove references to RVM.
Starting with Firmware 1.6 and the Metasploit tools package, RVM will no longer be needed.
2019-07-04 00:08:01 +01:00
Marc 938fe29c94
Merge pull request #379 from TheDragonkeeper/chromeos
Chromeos Enrollment
2019-06-28 20:50:17 +00:00
Marc e82fb6166b
Merge pull request #347 from mathew-fleisch/master
Two Stage Mac Payload
2019-06-28 20:20:33 +00:00
Marc f9aadb0a4d
Merge pull request #339 from JamesCullum/master
Updated RaZ_ReverseShell
2019-06-28 00:25:07 +00:00
Marc 00b2ea8aa9
Merge pull request #340 from hink/master
[PAYLOAD UPDATE] psh_DownloadExec Update
2019-06-28 00:23:05 +00:00
WWVB 83f8d9cb43 Renamed directory to remove space. 2019-06-27 20:20:28 -04:00
Marc 0b9f7c0b47
Merge pull request #349 from TheG3ntl3man/patch-1
Adding Delay to Prank/Startup-Message
2019-06-28 00:15:21 +00:00
Marc b6af89dbdc
Merge pull request #360 from Atrolantra/master
Moved screen height and width to configurable options
2019-06-28 00:07:40 +00:00
Marc 2f23f34e6a
Merge pull request #367 from 0rion5/patch-4
Update for Info.ps1
2019-06-28 00:04:13 +00:00
Marc d3727bd899
Merge pull request #368 from 0rion5/patch-5
Update Info.ps1
2019-06-28 00:03:29 +00:00
Darren Kitchen aec718806e
Update payload.txt 2019-06-06 12:45:35 -07:00
Darren Kitchen 8dd4797e5d
Update payload.txt 2019-06-06 12:45:12 -07:00
Mohamed A. Baset 3980bab638
Critical fixes
I really missed the BB's original variable "$SWITCH_POSITION" since in my testing BB's payload I'm maintaining it in my code as: 

ORIGINAL_SWITCH="/root/udisk/payloads/$SWITCH_POSITION"

Thanks to @catatonicprime for offering the fix for this issue.
2019-06-01 02:22:45 -05:00
Mohamed A. Baset 6ee12332e5
Update userlist.txt 2019-06-01 02:03:17 -05:00
Mohamed A. Baset 0a407d0348
Update userlist.txt 2019-05-30 04:08:46 -05:00
Mohamed A. Baset 0068cfccd5
Update payload.txt 2019-05-30 04:01:38 -05:00
Mohamed A. Baset 072c659943
Update payload.txt 2019-05-30 03:44:12 -05:00
Mohamed A. Baset 92f1be3a52
A little nasty trick!
Sometimes the host name is the same as the username so we will add it to the username and the password wordlists automatically to be used during the brute force attack.
2019-05-30 01:43:13 -05:00
Mohamed A. Baset b3537e7a65
Update payload.txt 2019-05-30 00:55:17 -05:00
Mohamed A. Baset d9d741e828
Update readme.md 2019-05-30 00:54:11 -05:00
Mohamed A. Baset 0973bf25ec
Create payload.txt 2019-05-30 00:50:08 -05:00
Mohamed A. Baset fcb15af701
Update readme.md 2019-05-30 00:36:31 -05:00
Mohamed A. Baset ddffe360a4
Update readme.md 2019-05-30 00:35:55 -05:00
Mohamed A. Baset bb2c9c5bfd
Create mmcbrute.py 2019-05-30 00:31:56 -05:00
Mohamed A. Baset 4778effde3
Create README.md 2019-05-30 00:31:11 -05:00
Mohamed A. Baset 0ac9056917
Create LICENSE 2019-05-30 00:30:30 -05:00
Mohamed A. Baset fcac3b6d29
Create userlist.txt 2019-05-30 00:08:51 -05:00
Mohamed A. Baset 031a47b0d2
Create passlist.txt 2019-05-30 00:07:30 -05:00
Mohamed A. Baset d11515bf59
Create readme.md 2019-05-30 00:05:43 -05:00
Darren Kitchen 36e34feac4
Update payload.txt 2019-05-28 12:42:10 -07:00
Catatonic c282540f52 Clarying documentation based on user feedback. (#381) 2019-05-22 18:46:59 -07:00
Catatonic f171837db2 Add Jackalope (#380)
* Adding Jackalope, a Bunny+Metasploit chimera project.

* Fixing inaccurate documentation.

* Generate the password entry payload on the alternate switch.

* Additional documentation concerning alternate payload mechanism.

* Branding

* Update readme.md

* rearchitecting payload to be independent. No longer overwrites alternate payload location. Uses WAIT interface to interact with the tester to reuse a password, clear the password, and re-attack the machine.
2019-05-22 16:53:59 -07:00
TheDragonkeeper ca22f20b53
Update payload.txt 2019-04-20 04:48:38 +01:00
TheDragonkeeper d22c2481a0
Update Readme.md 2019-04-20 04:46:02 +01:00
TheDragonkeeper 63c62a4871
Update Readme.md 2019-04-20 04:34:31 +01:00
TheDragonkeeper 81b4e060c8
Update Readme.md 2019-04-20 04:33:15 +01:00
TheDragonkeeper a9b191045b added all auth options 2019-04-20 03:59:41 +01:00
TheDragonkeeper cda2430080 ChromeOS Enrolment Payload 2019-04-06 03:14:38 +01:00
TheDragonkeeper 963c000ab9 added keylogger 2019-04-06 00:50:03 +01:00
WWVB 16efe8b05b
Added ARP to loot 2019-03-28 10:31:55 -04:00
WWVB f9d4737fc0
Added ARP data to the loot 2019-03-28 10:30:47 -04:00
WWVB 230a677aa3
Update readme.md 2019-03-26 09:42:49 -04:00
WWVB 40a9afa7c4
Update readme.md 2019-03-26 09:01:09 -04:00
WWVB 470fd8a0ce
Update readme.md 2019-03-26 09:00:28 -04:00
WWVB 32d7801f0e
Update readme.md 2019-03-26 08:59:09 -04:00
WWVB fa33a23a72
Update readme.md 2019-03-26 08:57:48 -04:00
WWVB d31b0174b7
Update readme.md 2019-03-26 08:56:37 -04:00
WWVB 3ee2668f7e
Update readme.md 2019-03-26 08:53:57 -04:00
WWVB c52ce015de
Update readme.md 2019-03-26 08:52:28 -04:00
WWVB 3ed306ef99
Added SSHhhhhh (Linux) to the library
Plant your RSA key into the victim's authorized_keys, schedule a reverse shell via CRON and grab the contents of the .ssh folder.
2019-03-26 08:51:04 -04:00
G4te-Keep3r 502576d7ed Made ALTCODE-TRANSCODER. (#373)
* Response to Hak5 2506

* A random 'e' ended up on line 58.

Line is blank now like it is supposed to be.

* Created readme

STAGE2 made more sense when it was STAGE1/STAGE2, but the transcoding is a special stage and the typing is stage 2 since the transcoding had to be done first.
2019-02-13 12:41:46 -08:00
Darren Kitchen b1309229cc
Added ALTCODE demo payload 2019-02-06 18:19:47 -08:00
Darren Kitchen d341068548
Added dropbox exfiltrator PoC payload 2019-01-30 12:17:55 -08:00
Rosius Yves 0ee25f8d0d Update payload.txt (#365)
Some more shortening. Only 183 characters!

powershell -w h "$p=$home+'\b.jpg';iwr h4k.cc/b.jpg -O $p;SP 'HKCU:Control Panel\Desktop' WallPaper $p;1..59|%{RUNDLL32.EXE USER32.DLL,UpdatePerUserSystemParameters ,1 ,True;sleep 1}"

* Omit http:// from URI
* powershell -w h to start a hidden powershell windows
* set variable $p for later re-use (saves characters)
* Omit -Uri and redundant characters in -Outfile (-O)
 switches
* 1..59|% to create a loop for 60 seconds
* use $home as directory
2019-01-22 23:24:56 -08:00
Darren Kitchen 0273c87be2
Added key code spammer test payload 2019-01-22 23:22:21 -08:00
0rion fed24a87b4
Update Info.ps1
Gets COM& Serial Device PID&VID if doing a walk about and want to collect info on HID/PID&VID + MI for future use. just a thought
#Get - Com & Serial Devices
$COMDevices = Get-Wmiobject Win32_USBControllerDevice | ForEach-Object{[Wmi]($_.Dependent)} | Select-Object Name, DeviceID, Manufacturer | Sort-Object -Descending Name | Format-Table

"COM & SERIAL DEVICES"
"==================================================================" + ($COMDevices | Out-String)
""
2019-01-17 19:29:40 -07:00
0rion 9777ae0fee
Update for Info.ps1
Removes all Variables created during the session. I noticed my version of PS was storing them between simulated attacks. so removing them entirely was my resolve.

Remove-Variable -Name computerPubIP,
computerIP,IsDHCPEnabled,Network,Networks, 
computerMAC,computerSystem,computerBIOS,computerOs,
computerCpu, computerMainboard,computerRamCapacity,
computerRam,driveType,Hdds,RDP,WLANProfileNames,WLANProfileName,
Output,WLANProfileObjects,WLANProfilePassword,WLANProfileObject,luser,
process,listener,listenerItem,process,service,software,drivers,videocard,
vault -ErrorAction SilentlyContinue -Force
2019-01-17 19:21:02 -07:00
Darren Kitchen 9687a8d830
Added cross platform lockout payload 2019-01-16 17:57:32 -08:00
Darren Kitchen d386f07d8e
Added wallpaper prank payload re: Hak5 episode 2502 2019-01-09 10:58:36 -08:00
Darren Kitchen 820576a103
Updated title 2019-01-01 14:37:25 -08:00
Darren Kitchen e61d58d488
Added the cross platform continuous locker payload 2019-01-01 14:36:44 -08:00
Eric Briese e0c355da0a Changed options to be in payload.txt per best practices 2018-12-29 22:51:23 +10:00
Eric e527ab16a5
Moved screen height and width to config file. 2018-12-29 22:27:19 +10:00
TheG3ntl3man aac697e89a
Adding Delay
You must add a delay after RUN WIN cmd or it won't always write on the cmd
2018-08-05 10:33:50 -04:00
Mathew Fleisch ae176d1d14
Two stage mac (#2)
* Add init payload files
* Unhide hidden files after copy. bug fixes
* update readme
2018-07-07 12:32:44 -07:00
Mathew Fleisch 33b71367c4 Bring up to date 2018-06-23 08:01:42 -07:00
metalkey ee48a74dc6 Added readme (#337)
Updated author details
2018-06-04 13:31:43 +10:00
Zappus 4731402ad9 added MalwareBunny
added MalwareBunny payload
2018-05-26 09:34:37 -04:00
golem445 9fab25740d Bunnyhound and Quickdraw added (#343)
* Add files via upload

Initial payload

* Add files via upload

Initial payload
2018-05-20 14:23:53 -07:00
golem445 be78dafbfc Add files via upload (#342) 2018-05-20 11:29:10 -07:00
root 989be5976a update powershell run line and fix complete check 2018-05-10 13:07:22 -05:00
root e984278d66 Merge remote-tracking branch 'upstream/master' 2018-05-07 09:35:47 -05:00
James Cullum (Pseudonym) 33ba79d692 Updated RaZ_ReverseShell
- Clean up traces
- Bugfixes on newer firmware
- Improved documentation
- Fake hardware identifier
- Added persistence via autostart
- Disconnect on end
2018-04-16 22:57:50 +02:00
metalkey 65d652a15c Add Hershell Encrypted Reverse shell payload (#335) 2018-04-11 21:21:40 +10:00
bg-wa 9ab8820cc5 Moved payload to execution folder 2018-01-27 20:45:55 -08:00
bg-wa b3b9f75200 All Working with executable and overwite options 2018-01-27 18:33:25 -08:00
Tudor Gheorghiu 9011db7fae Update unicorn readme.md (#302) 2018-01-28 10:27:46 +11:00
Alex Flores 6345354375 Added chrome extension installer payload (#315)
- uses new AUTOETHERNET attackmode
 - uses new GET TARGET_OS functionality
 - uses new DEBUG function
 - uses new MAC_HAPPY extension
2018-01-28 10:26:53 +11:00
bg-wa 920ff7fa67 New options for optical exfil payload (#317) 2018-01-28 10:24:58 +11:00
bg-wa 5c764849f3 Check Point 2018-01-27 10:31:59 -08:00
bg-wa afdafb27d6 The Ol'Drop'n'Run 2018-01-27 00:09:35 -08:00
bg-wa 821105a6a3 Cleanup LINUX only... 2018-01-27 00:05:57 -08:00
bg-wa 81e6d536dd Added Optical Exfiltration Payload (#316) 2018-01-27 15:47:39 +11:00
bg-wa 31ae33e78a Start of drop file 2018-01-26 20:36:59 -08:00
KeenanV 7f902403d4 Persistent Reverse Shells for MacOS and Windows 10 (#306) 2018-01-22 10:39:14 +11:00
c64whiz a998f5c86c Add random interval to InfiniteControl payload (#310) 2018-01-22 10:38:38 +11:00
Jonathan Debétaz 940dc09043 Payload updates (#309) 2018-01-15 15:36:49 +10:00
root d978800874 merge upstream 2017-12-19 13:29:12 -06:00
Thorsten Sick f8a442e66d Proof-of-concept added: EICAR of bash bunny HID simulation for Linux (#298) 2017-12-12 19:12:36 +11:00
danthegoodman1 6fa5887aae Addition of Exfiltration payload (#300) 2017-12-12 19:11:25 +11:00
Thorsten Sick fae8746466 Added "Info Grabber for Linux" payload (#299) 2017-12-08 07:13:14 +11:00
saintcrossbow 08c24c4389 Added SmartFileExtract payload (#296) 2017-11-27 12:16:17 +11:00
Trae Horton 53cf608b7f Add BlueTeamPCAudit payload (#261) 2017-11-23 06:32:45 +11:00
Wesley a48d9e2a61 Updated "Linux Reverse Shell" to v1.2 (#262) 2017-11-22 09:59:18 +11:00
Michael Weinstein 00cee07ec0 Added "Bushings blue turtle" payload (#263) 2017-11-22 09:54:02 +11:00
Prodicode e0abae7179 Added Powershell injection script with Unicorn payload. (#288) 2017-11-22 09:51:59 +11:00
illwill 3a1b26e9c4 Violation of CoC (#294)
* removed due to Code Of Conduct

* removed due to violation of Code of Conduct

* Delete md.ps1

* Delete p.ps1

* violation of coc

* Delete server.py

* violation of coc

* Delete payload.txt

* Delete readme.md

* Delete payload.txt


 Deleted due to CoC. 
 please see original code 
 https://github.com/xillwillx/BashBunny

* Delete readme.md


 Deleted due to CoC. 
 please see original code 
 https://github.com/xillwillx/BashBunny

* Delete readme.md


 Deleted due to CoC. 
 please see original code 
 https://github.com/xillwillx/BashBunny

* Delete payload.txt


 Deleted due to CoC. 
 please see original code 
 https://github.com/xillwillx/BashBunny

* Delete readme.md


 Deleted due to CoC. 
 please see original code 
 https://github.com/xillwillx/BashBunny

* Delete RR.ps1


 Deleted due to CoC. 
 please see original code 
 https://github.com/xillwillx/BashBunny

* Delete background.mp3


 Deleted due to CoC. 
 please see original code 
 https://github.com/xillwillx/BashBunny

* Delete payload.txt


 Deleted due to CoC. 
 please see original code 
 https://github.com/xillwillx/BashBunny

* Delete readme.md


 Deleted due to CoC. 
 please see original code 
 https://github.com/xillwillx/BashBunny

* Delete Sherlock.ps1


 Deleted due to CoC. 
 please see original code 
 https://github.com/xillwillx/BashBunny

* Delete payload.txt


 Deleted due to CoC. 
 please see original code 
 https://github.com/xillwillx/BashBunny

* Delete readme.md


 Deleted due to CoC. 
 please see original code 
 https://github.com/xillwillx/BashBunny
2017-11-20 23:23:52 -08:00
danielgohlke dbae32c86d Update win93 prank payload (#291)
Removed usage fixed browsers and added commands to use the default system browser
2017-11-20 14:21:15 +11:00
Mikee 69cd48ee05 Added Startup-Message payload (#260) 2017-11-20 14:20:16 +11:00
ReshephTheGray d65380bd94 New payload GetServicePerm (#290) 2017-11-20 14:16:56 +11:00
RazerBlade f97b75983d Updating PasswordGrabber to make it more easily understandble (#293) 2017-11-20 14:15:12 +11:00
fratervi fc0b43a403 Added Lock PC prank payload (#282) 2017-10-27 09:46:37 +11:00
dbuttars12 763639b305 Add win support for prank 93 (#264) 2017-10-26 14:34:04 +11:00
DannyK999 060d5744b0 Updated InfoGrabber payload (#279) 2017-10-26 11:38:08 +11:00
Andre Santos c58e10dcab Add RevShellBack payload (#265) 2017-10-26 07:06:13 +11:00
Aidan Holland 5a77792c1d Update and fix payloads (#277)
* Updated all Payloads for Version 1.2+

Fixed Style Issues on extensions and payloads.
Added GET TARGET_OS to get.sh
Removed and Fixed all uses ducky_helper.sh (Issue #248)
Removed all mention of DUCKY_LANG (Issue #248)
Renamed Payloads with spaces in name
Added an extension to keep Macs Happy
Added a payload for Mac DNS poisoning
Fixed Issue #271 changed wget to curl -o
Implemented PR #268
Implemented PR #273

* Fixed e.cmd

* Fix e.cmd pt2

* Fixed Issues

Fixed issues pointed out by @sebkinne
Fixed styling errors
2017-10-25 11:10:17 +11:00
Hink 91c7c2276f cleaned up and extended 2017-10-11 11:42:03 -05:00
Darren Kitchen c0ab8d3e88 Fixed RNDIS typo in Win93 Prank (#259) 2017-09-28 17:38:47 +10:00
Michael Weinstein 31468c0e63 mac attack
Got mac attacks working now. SEDing in place on a mac seems like something that really makes the terminal unhappy.  Did the same thing with a python one-shot command.
2017-09-24 02:11:45 -07:00
Michael Weinstein c30c99e668 Version 0.1 working
Added readme and polished up the payloads.  Seems to be working now.
2017-09-21 15:56:41 -07:00
Michael Weinstein 06d36975d1 Try/except harder
Moved the try in the main try/except block so we will always get the original intended command to run.
2017-09-21 10:22:24 -07:00
Michael Weinstein 99e6b63f42 Testing bug fixes
Windows line endings removed.  Grrrr.  WTF, microsoft?

Found and fixed bug caused by missing default ssh config files making the program index into a NoneType by checking to make sure there's data there before indexing in.

Added the blanket try/except block for silent failures.  Main cause of these appears to be very badly written (invalid) ssh commands.  This is probably the best behavior the program could have with these... just silently run them and let them fail normally.  Do not pass go, do not collect 200 passwords.
2017-09-21 01:34:02 -07:00
Michael Weinstein 77b1a4e123 Now with injection and cleaning 2017-09-19 23:47:21 -07:00
Michael Weinstein 0f4129b124 Python payload prototype
Version has been tested to deal with some command line scenarios.  Still want to test its ability to work with paramiko, including trying to get it to install if it hasn't already.
2017-09-19 14:14:59 -07:00
James Coates 01dd281e4f Update PasswordGrabber payload (#246)
Fixed issue where script would not work before 10 AM, puts in a space which makes the path broken.
2017-09-12 16:22:29 +10:00
Mohamed A. Baset ddcd785deb Metasploit Autopwn Bash Bunny Payload (#242) 2017-09-08 09:18:44 +10:00
Didier Stevens cb706bcacc New version of InfiniteControl (#243)
Changed LED colors, added BREAK.
2017-09-08 09:17:44 +10:00
Layer8Err 61793e6f0b Added Windows NIC Sharing payload (#233)
Bash Bunny payload for setting up Internet Sharing with Windows 10
2017-08-15 11:23:19 +10:00
jafahulo 761dd0e433 Add macDesktop prank (#236)
* Add macDesktop prank

Runs a script in background that will download pictures of my little pony (or whatever else you'd like, just change the urls to the pictures) and randomly sets that as their desktop background every 45 minutes - 5 hours. You can change number in for loop to decide how many times it will change their background.

https://forums.hak5.org/topic/41605-payload-macwallpaper/

* Update readme

* Save process Id as file name to /tmp

Save process Id as file name to /tmp so that you can easily kill the prank if someone is screaming at you.
2017-08-15 10:59:04 +10:00
InvaderSquibs 3c2dd4ac1e Added stickyBunny payload (#232) 2017-07-24 14:00:33 -07:00
DavidSpek 6a9134d84b Added Simple Hosts DNS Spoofing payload (#223)
* Local hosts DNS spoofing attack

This is a simple hosts DNS spoofin attack, where the target gets redirected to a set IP when going to a certain website.

* Create README.md

* Update README.md
2017-07-10 07:34:00 +10:00
Johan Moritz 691f7e5bc9 Fixed errors in public IP address command (#226)
When no Internet connection is available the command runs into an error:
"The remote name could not be resolved: 'ipinfo.io'"
Fixed this with a try and catch block

The command also runs into an error when Internet Explorer was never started.
"Invoke-WebRequest : The response content cannot be parsed because the Internet Explorer engine is not available, or Internet Explorer's first-launch configuration is not complete. Specify the
UseBasicParsing parameter and try again"
Fixed this with the -UseBasicParsing parameter
2017-07-10 07:30:55 +10:00
RalphyZ 113e35c736 Fixed a couple of bugs in payloads (#230) 2017-07-10 07:29:38 +10:00
Tristan Mahé 80d622e16e Added Win93 prank payload (#231)
* win93 payload initial release

* readme.md: added TODO

* payload.txt: corrected the command, no need to escape everything

* initial windows support
2017-07-10 07:28:11 +10:00
Murty007 0f83db10f5 Added payload to analyse users .lnk files (#228)
* Add files via upload

* Add files via upload
2017-07-10 07:27:22 +10:00
Zac fd0a0d0f6f Update Gitbunnygit README.md (#221)
Updated the tail command listed to monitor progress to point to the git log used in the script.
2017-06-01 14:04:54 +10:00
subinacls a487d0a5db Added JavaScript Reverse Meterpreter payload (#217)
* Create JSRevMeter

* Update JSRevMeter

* Update JSRevMeter

* Update JSRevMeter

* Update JSRevMeter

* Update JSRevMeter

* Update JSRevMeter

* Update JSRevMeter

* Update JSRevMeter

final version before pull request

* Update JSRevMeter

* Update JSRevMeter

* Update JSRevMeter

had to chop up the shellcode so it would echo properly to file, overly long strings terminated premature

* Create Readme.md

* Update Readme.md

* Update Readme.md

* Update Readme.md

* Update Readme.md

* Update JSRevMeter

* Update Readme.md

* Update Readme.md

* Update Readme.md

* Rename JSRevMeter to payload.txt
2017-05-18 14:56:15 +10:00
Kyle Hoehn 9c527c29c4 Added USB Intruder payload (#220)
* USB Intruder

Initial upload of the USB Intruder v1.1

Tested on Windows 7 and Windows 10.

* USB Intruder

Updated Readme.

Forgot to add a line.

* Update...again...

Added link for forum comments/discussion.

* USB Intruder

USB Intruder v1.1 Commit.
2017-05-18 14:52:54 +10:00
hink 9eed215260 Update psh_downloadexec to use proper gohttp path (#219) 2017-05-18 09:55:02 +10:00
Ben 941180d59a Added SudoBackdoor payload (#216)
* add SudoBackdoor patload

* fix readme

* fix readme 2

* fix readme 3

* add skip key for sc (ssh)
2017-05-12 11:55:40 +10:00
Mule Skinner bf063c1219 Added sFTP Directory Grabber payload (#215) 2017-05-11 19:24:33 +10:00
hink 0eef84647e Updated psh_DownloadExec to v1.2 (#210)
* Powershell SMB Delivery

* fixed smbserver.py call

* Updated to use HID and RNDIS_ETHERNET at the same time. Upgraded to Golang webserver

* Removed binary
2017-05-03 14:17:19 -07:00
David d02d25d2b6 Add initial readme to UndercoverBunny (#211) 2017-05-02 19:02:05 -07:00
TheRoninRunner 4e55aae0ac Added WifiPass payload (#212)
* WifiPass payload

Based on the WiFiCreds payload, with a focus on WPA networks and wider OS scope.

* Lights

Solid rather than blinking

* Extra comment

* Update payload.txt

* Create readme.md

* Update readme.md

* Update payload.txt

* Update readme.md

* Update readme.md

* Update readme.md

* Update readme.md
2017-05-02 19:00:44 -07:00
hink 4d9bfeedd3 Updated psh_DownloadExecSMB payload for fw v1.2 (#209)
* Powershell SMB Delivery

* fixed smbserver.py call

* Combined ATTACK MODES, improved SMB check

* version fix
2017-05-02 18:41:44 -07:00
Bry-fi 4165a2dda9 Updated browserData payload for firmware v1.1+ (#185)
* Fixed for 1.0 and 1.1

Fixed the payload for 1.0 but if you want it ported for 1.1, change line 38 to (LED M)

* Made 1.1 compatible.

Still need to examine Get-BrowserData.ps1
2017-05-02 02:26:32 +10:00
Sebastian Kinne d819b33afb
Moved extension folder out of the payload library folder 2017-05-01 12:14:54 +10:00
Sebastian Kinne 744165b31e
Added config.txt with default values and removed all references of DUCKY_LANG from existing payloads 2017-05-01 12:11:20 +10:00
Sebastian Kinne 415852c8f9
Remove superfluous DuckyInstall payload 2017-05-01 12:04:43 +10:00
David bf5beeefbe Added Bunny-Flip payload (#208)
* Create payload.txt

* Create README.md

* Added options

* Create README.md

* Create payload.txt

* Rename payloads/library/prank/README.md to payloads/library/prank/Bunny-Flip/README.md

* Delete README.md

* Delete payload.txt
2017-05-01 10:21:08 +10:00
jdetmold 33d62ff9e9 Added MacProfiler payload (#195)
* clean up loot

added sub folder so all files are not in root of loot folder

* MacProfiler

NewPayload for Profiling Mac systems

* Make DIR
2017-04-30 11:19:19 +10:00
Nimrod levy 960bd207f9 Payload: Fixed stability issues and updated "MrRobot" for firmware v1.1 (#207) 2017-04-30 11:09:53 +10:00
RalphyZ 750d384df7 Updated payloads for fw v1.1 (#176)
* Mac Reverse Shell

Starts a terminal window on a Mac,then creates a bash reverse shell inside a script, s.sh.  It then runs the script in the background and closes the terminal window.

* Added variables for IP and Port of the Netcat Listener

For ease of use, variables were added at the top for the IP Address and Port of the Netcat Listener.  Change those values to your listener and no other edits should be needed.

* Added persistence (and a reason to have a dropper)

This payload creates a bash reverse shell inside a script and adds persistence by adding the script to the Mac Launch Agent at a user defined interval.

* Mac Reverse Shell

Starts a terminal window on a Mac,then creates a bash reverse shell inside a script, s.sh.  It then runs the script in the background and closes the terminal window.

* Added variables for IP and Port of the Netcat Listener

For ease of use, variables were added at the top for the IP Address and Port of the Netcat Listener.  Change those values to your listener and no other edits should be needed.

* Added persistence (and a reason to have a dropper)

This payload creates a bash reverse shell inside a script and adds persistence by adding the script to the Mac Launch Agent at a user defined interval.

* Fixed additional MacReverseShell

* Added readme.md files

* Added readme.md files

* Added readme.md

* Added readme.md files

* Added readme.md files

* Updated for firmware 1.1

* Updated for firmware 1.1

* Added ThemeChanger and updated for firmware 1.1

* Updated readme.md

* Updated for firmware 1.1 - using RUN command

* Fixed issues with the new RUN - reverted

* Fixed a few script problems

* removed binary and updated readme.md

* added a check for themepack

* edited themechanger readme

* updated readme.md and version
2017-04-29 08:49:35 +10:00
Alex Flores ca9e53c5a8 updates sMacAndGrab for bashbunny fw1.1 (#202) 2017-04-27 13:04:38 +10:00
Alex Flores 22cbf92a3b updates shellexec for bashbunny fw1.1 (#203) 2017-04-27 13:03:57 +10:00
SkiddieTech 9efc5e95a0 Added UACBypass payload (#191)
* UACBypass ported from ducky to bunny

* Forgot to set device as storage

* Improvment

* Updated for firmware 1.1

* Old
2017-04-20 10:55:56 +10:00
Sebastian Kinne 57aff92f82
Move setkb extension to correct folder 2017-04-18 16:51:35 +10:00
hink ca5d404dbe Added psh_DownloadExecSMB payload (#172)
* Powershell SMB Delivery

* fixed smbserver.py call
2017-04-17 10:19:49 +10:00
hkessel1 e06b42b328 Create Undercover Bunny
Undercover bunny is a Bash Bunny script that creates a wifi network when connected using the hosts internet connection.

Added LED's

Update Undercover Bunny

Rename Undercover Bunny to payload.txt

Moved UndercoverBunny into the correct payload folder
2017-04-17 10:00:18 +10:00
Biocow b40541f787 Updated Ducky Template for firmware v1.1 (#177)
* Updated for firmware version 1.1

Updated version number.
Updated LED status table.

* Update Ducky Template for firmware 1.1

Updated LED statuses
Updated language to DUCKY_LANG
removed 'source bunny_helpers.sh' and used 'GET SWITCH_POSITION' instead.

* Fix DUCKY_LANG vs. DUCK_LANG typo

Fix typo pointed out by Sebkinne

* Update payload.txt
2017-04-17 09:48:08 +10:00
Sebastian Kinne b930b97baa
Moved PasswordGrabber into correct category 2017-04-16 19:07:52 +10:00
RazerBlade 2903a16d89 Added Password Grabber payload (#169)
* Add files via upload

* Update readme.md

* Update e.cmd

* Update payload.txt

Added 1.1 Firmware support

* Update e.cmd

Added Date and time functions and added some comments

* Delete laZagne.exe

* Update readme.md

Added support to Hak5 new guidelines

* Update readme.md

* Update readme.md

* Update readme.md

* Update readme.md
2017-04-16 19:03:03 +10:00
TheRealNoob 1d95d9bfb8 Updated SMB_Exfiltrator payload to wait for port 445 (SMB) rather than ICMP Ping response (#173) 2017-04-16 18:57:02 +10:00
0xCoto 7c1a4a30f2 Updated SingleSecondShell for Bash Bunny v1.1 (#179) 2017-04-16 18:15:38 +10:00
Baur 2d651c75f0 Updated DumpCreds for bunny fw v1.1 (#168)
* DumpCreds Version 2.1
- new payload.txt special for BashBunny FW 1.1
- minor changes in main.ps1
- insert some code for debugging

* Updadet becaus new fork sync

* new payload.txt special for BashBunny FW 1.1
+ minor changes in main.ps1
+ insert some code for debugging
2017-04-16 16:03:02 +10:00
k1ul3ss 7534270a7a Added MacPDFExfil payload (#186) 2017-04-16 15:53:49 +10:00
GeneralBison 6cf19a1fdb Fixed typo in NotepadFun payload (#165)
DELY vs DELAY
(Look Mum, I'm helping!)
2017-04-10 17:42:25 +10:00
Darren Kitchen b4b23c04f1 Added file sync to smb_exfiltrator payload 2017-04-10 15:54:39 +10:00
Darren Kitchen bdcbc45c94 Updated smb_exfiltrator payload for Bash Bunny v1.1 2017-04-10 15:50:27 +10:00
Wesley 7f1172849b Updated LinuxReverseShell for BashBunny Fw v1.1 (#164) 2017-04-10 15:38:02 +10:00
Sebastian Kinne 85b1bc7aca
Cleanup: Sort payloads by category 2017-04-10 13:29:17 +10:00
Didier Stevens 288d90c60e Added InfiniteControl payload (#157)
Hit the CONTROL key every 10 seconds in an infinite loop, while blinking
the red LED with every keypress.
2017-04-10 12:31:31 +10:00
The10FpsGuy 100ccb0e63 Updated Notepad_Fun payload.txt to include target (#158) 2017-04-10 12:15:24 +10:00
Ben 32468087e1 Updated WindowsCookie for firmware v1.1 and fix powershell regex for Windows 7 (#161) 2017-04-10 12:11:33 +10:00
hink ce0c7d2dbd Updated QuickCreds payload for Bash Bunny v1.1 2017-04-10 12:06:04 +10:00
Nicholas Adamou 6e7292699b Updated GitBunnyGit to work with Firmware v1.1 (#145) 2017-04-10 12:00:00 +10:00
Dan Borges ca9e466ce7 Added MacPhish payload (#70)
* Adding the MacPhish payload, uses HID and STORAGE modes on BashBunny. For OS X, uses spotlight to launch terminal, then uses osascript command to phish for the users password, then saves the phished password back to the bashbunny.

* Update readme.md
2017-04-07 17:23:48 +10:00
Mohamed A. Baset 05f34b16ee Updated SmacAndGrab payload with more loot :)
More loot from https://github.com/Seekurity/BrowserCookieGrabber/blob/master/browserCookieGrabber.sh
2017-04-07 17:22:23 +10:00
Biocow de28cc7679 Updated MacInfoGrabber payload to remove superfluous newline (#74)
There was a line break on line 30 where in reads Chrome cookies and moves to BashBunny mass storage. Removed line break.
2017-04-07 17:20:12 +10:00
RazerBlade aaa246f714 Added PasswordGrabber payload
* Add files via upload

* Update readme.md

* Update e.cmd
2017-04-07 17:19:41 +10:00
ASarcasticGuy 6542907c6e Added FileInfoExfil payload (#76)
* Scan for files that contain a specific phrase and exfil info about them

* Delete FileInfoExfil

* Create FileInfoExfil

* Delete FileInfoExfil

* Scans system for files beginning with a specific phrase and exfils data from them

* Delete ducky_script.txt

* Delete p.bat

* Delete payload.txt

* Exfil file information to the loot folder

Exfiltrates file information of files that contain a specific phrase, including if it is a directory, the file path and file size (in KB) to the loot folder of the BashBunny.

* Delete p.ps1

* Add files via upload

* Create readme.md

* Delete readme.md

* Create readme.md

* Update payload.txt

* Update readme.md
2017-04-07 17:18:48 +10:00
zachstanford 217dee5249 Added Browser Data payload
* browserData

* Fix error
2017-04-07 17:16:18 +10:00
Eric fe70f7e5b4 Added MacGetUsers payload (#78) 2017-04-07 17:14:35 +10:00
Silvian c5510c9daa Added WindowsMeterpreterStaged and WiFiGrabber payloads (#85)
* added wifi grabber and windows meterpreter staged payload

* created details and updated content of payloads - ready for publication to hak5 bash bunny scripts

* created details and updated content of payloads - ready for publication to hak5 bash bunny scripts

* Added a rename file

* added the rename file
2017-04-07 17:10:54 +10:00
Darren Kitchen 9deb63d268 Merge branch 'master' of https://github.com/hak5/bashbunny-payloads 2017-04-07 16:56:56 +10:00
NightStalker c14732e57a Added ProxyInterceptor payload (#82)
* Sets specified proxy and imports certificate for  MITM

* Update cert.pem

* Update README.md

* Update README.md

* Update README.md

* Update README.md

* Update README.md

* Update vars.ps1

* Update payload.txt

* Update README.md

* Update README.md
2017-04-07 16:56:28 +10:00
Darren Kitchen e0ed65ad9b Updated WindowsCookies payload for Bash Bunny v1.1 2017-04-07 16:56:17 +10:00
nutt318 385a54656c Added FTPExfiltration payload (#90)
* First commit of all documents

First commit

* Fixed user document folder

* Removed unneeded line

* Edited URL to forum
2017-04-07 16:51:38 +10:00
Darren Kitchen d5ccd9ae4c Merge pull request #72 from oXis/master
Facebook cookies grabber
2017-04-07 16:48:51 +10:00
RalphyZ 0ac3b7d58d Updated MacReverseShell payload (#93)
* Mac Reverse Shell

Starts a terminal window on a Mac,then creates a bash reverse shell inside a script, s.sh.  It then runs the script in the background and closes the terminal window.

* Added variables for IP and Port of the Netcat Listener

For ease of use, variables were added at the top for the IP Address and Port of the Netcat Listener.  Change those values to your listener and no other edits should be needed.

* Added persistence (and a reason to have a dropper)

This payload creates a bash reverse shell inside a script and adds persistence by adding the script to the Mac Launch Agent at a user defined interval.
2017-04-07 16:47:59 +10:00
Simen A K 243d50ab3a Updated InfoGrabber to version 2.0 (#32)
* InfoGrabber by MrSnowMonster - Version 1.0

A payload that collects information about a wndows computer and places it in a textfile.

* Update readme.md

* Update readme.md

* Update readme.md

* Update readme.md

* Update readme.md

* Update readme.md

* Update readme.md

* Update readme.md

* Update readme.md

* Update readme.md

* Update readme.md

* Update readme.md

* Version 1.1

* Update info.ps1

Added some mor informations and repaired "0123"
Testen on Win10

* Update 2

added windows passwords

* Update 1.1

Updated
2017-04-07 16:36:11 +10:00
ricky5ive bfbb8afe43 Added dryClean payload (#98)
* Create README.md

* Create payload.txt
2017-04-07 16:32:11 +10:00
Darren Kitchen 4ce2b50cb2 Updated USB Exfiltrator payload for Bash Bunny v1.1 2017-04-07 16:30:44 +10:00
Darren Kitchen d8ab0ac587 Removed tools-installer payload (deprecated in BB v1.1) 2017-04-07 16:02:48 +10:00
Darren Kitchen 4c41f449de Updated RDP Checker payload for Bash Bunny v1.1 2017-04-07 16:00:38 +10:00
Wesley b864fc30a7 Added LinuxReverseShell payload (#107) 2017-04-07 15:57:19 +10:00
hink 1760b60b4f Added psh_DownloadExec payload (#110)
* [PAYLOAD] psh_DownloadExec

* readme

* Better status check and borrowed improvments from Hak5Darren

* Updated for BashBunny v1.1_x

* markdown fix
2017-04-07 15:54:54 +10:00
Darren Kitchen 5dbb31506d Updated nmapper payload for Bash Bunny v1.1 2017-04-07 15:51:26 +10:00
Darren Kitchen 20c820eeb0 Updated nmapper for Bash Bunny v1.1 2017-04-07 15:51:25 +10:00
Darren Kitchen 4346b86ecd Removed old smb_exfiltrator payload and renamed faster_smb_exfiltrator
Old version is now deprecated. I'll eventually merge the older technique
into the existing smb_exfiltrator with execution options.
2017-04-07 15:51:23 +10:00
illwill 147a71fe4f Added browsercreds, wificreds, and mrrobot payloads (#114)
* Initial commit

HID Powershell attack to dump WiFiCreds

* Update readme.md

* changed initial LED blink color to white

* Changed initial LED color to white

* Changed initial LED Color to white

* swapped sync before LED

* switched from powershell to batch

* Update payload.txt

* using powershell again , updated version and LEDs

* using powershell, added usb eject,  Win 7,8,10

* added window resizing to hide payload typing

* Update payload.txt

* pull request

* BrowserCreds Pull

* separate powershell script called from payload

also added result detection

* update LEDs

* Update payload.txt

* initial commit

* Update payload.txt

* initial pull

* initial commit
2017-04-07 15:48:20 +10:00
0xCoto 741b4a67e5 Added SingleSecondShell payload (#115)
* Add files via upload

* Update readme.md
2017-04-07 15:45:09 +10:00
Pete Camuso 34003917ee Added NothingLess payload (#120)
Maps the file system and stores it in c:\users\tempa
Shares a drive or location to everyone and grants full security permissions to everyone
2017-04-07 15:36:11 +10:00
bg-wa 63b281646a Added AndroidOpenURL payload (#125) 2017-04-07 15:33:02 +10:00
mrbaselier 5f582ed819 Added BlackBackup Payload (#129)
* BlackBackup

BlackBackup is a Powershell (and thus Windows) backup script that is easy to configure. Make quick backups of files, the registry, passwords, WiFi Keys, SAM database etc. and save them to the BashBunny. This is a HID + STORAGE attack. Now, let's eat some carrots!

* Update credentials.ps1
2017-04-07 15:31:01 +10:00
The10FpsGuy ff05828ee8 Added Notepad_Fun Payload (#130)
* Funny Notepad Prank

* Update payload.txt

* Update payload.txt
2017-04-07 15:27:03 +10:00
DemmSec f94fcc1b66 Added a Fireytv payload (#135)
* Created payload to shell an amazon fire tv

The payload performs keyboard emulation in order to enable ADB and unknown sources on the target FireTV. Once this is completed the payload then installs a payload.apk file via ADB and then runs it.

* Created readme
2017-04-07 15:18:34 +10:00
Baur 18e71d2882 Added DumpCreds 2.0 payload (#138)
* Add files via upload

Init of DumpCreds 2.0

Dumps the usernames & plaintext passwords from 
 - Browsers (Crome, IE, FireFox)
 - Wifi 
 - SAM Hashes
 - Mimimk@tz Dump
 - Computerinformation (Hardware Info, Windows ProductKey, Hotfixes, Software, Local, AD Userlist)
 
 without 
 - Use of USB Storage (Because USB Storage ist mostly blocked by USBGuard or DriveLock)
 - Internet connection (becaus Firewall ContentFilter Blocks the download sites)

* Minor Fix

* Somf file to much

* Changes in main.ps1 - paralellize the Powershell scripts

Changes in payload.txt - Universal payload no matter if admin rights or not

Some minor changes in all PS\*.ps1 files

Signed-off-by: qdba <dieter@baur.nu>

* Forget a File

* WifiCreds changed

* Changes in README.md

* Changed Get Chrome-Cred.ps1 from https://github.com/EmpireProject/Empire/tree/master/data/module_source/collection

Changed BUILD in main.ps1
Changed Build and Credits in README.md
2017-04-07 15:13:12 +10:00
jafahulo eb68665c67 Update WiPassDump and add UnifiedRickRoll, Ascii-Prank, and Photobooth prank payload (#139)
* optimized WiPassDump payload to run in one file and a bit quicker.

* Create Prank folder and add UnifiedRickRoll payload

* Added UnifiedRickRoll support for windows

* Updated documentation on UnifiedRickRollWindows

* Causes payload to use roughly 30 times less processing power.

* Added Ascii-Prank Rick roll and Photo-Booth prank
2017-04-07 15:09:47 +10:00
DeeKoy 945b5c14d9 Added BruteBunny and ProcessInfo payloads (#140) 2017-04-07 15:01:37 +10:00
SirLurkSalot fc1d812d96 Added PowershellTCPExtractor (#144) 2017-04-07 14:49:35 +10:00
Sebastian Kinne 19c581613a Merge branch 'master' of github.com:hak5/bashbunny-payloads 2017-04-07 14:30:25 +10:00
Sebastian Kinne f485299bd5
Updated Captiveportal for Bash Bunny v1.1 2017-04-07 14:28:56 +10:00
Darren Kitchen f554fcc4f4 Updated 90s Mode for Bash Bunny v1.1 2017-04-07 14:27:30 +10:00
Darren Kitchen 00cb49354b Updated 90s Mode for Bash Bunny v1.1 2017-04-07 14:08:44 +10:00
Sebastian Kinne 6022c620e5
Remove obsolete payloads.txt 2017-04-07 12:43:14 +10:00
Sebastian Kinne 23583addf5
Remove bunny_helpers.sh and add the new 1.1 extensions 2017-04-07 12:40:00 +10:00
Mathew Fleisch 9fe8bddb49 Update read-me 2017-03-29 07:59:48 -07:00
Mathew Fleisch c0743ccd31 merge 2017-03-29 01:12:38 -07:00
Mathew Fleisch 2ee6e16a2f Added new quick-commands and a hover state for the attack-mode-switcher buttons 2017-03-29 01:11:17 -07:00
Mathew Fleisch b22dd031b8 new screenshot files 2017-03-29 01:09:27 -07:00
Mathew Fleisch abfea1f683 bug fix 2017-03-29 00:38:19 -07:00
Mathew Fleisch 8cad8b4e2a Stripped out “quick-commands” from main script and introduced switch-attack-mode 2017-03-29 00:31:07 -07:00
Darren Kitchen 60616e7e35 Merge pull request #123 from hak5darren/master
Add faster SMB Exfiltrator payload
2017-03-28 20:10:53 +07:00
Darren Kitchen 02d0358ccb Add faster SMB Exfiltrator payload 2017-03-28 20:10:01 +07:00
Mathew Fleisch ea483975fd Add “tools_installer” quick command 2017-03-26 15:17:37 -07:00
Mathew Fleisch c10a388f8c Fix bug in read-me 2017-03-26 14:15:48 -07:00
Mathew Fleisch f7c7c55f26 Bug fix: only execute on enter key 2017-03-26 14:14:35 -07:00
Mathew Fleisch 92efc2e097 Add some screenshots to the readme file 2017-03-26 14:04:09 -07:00
Mathew Fleisch cc537b1622 Add some screenshots for the readme doc 2017-03-26 13:58:04 -07:00
Mathew Fleisch c8447375ea Add concept of “quick commands” and remove git from main menu 2017-03-26 13:35:48 -07:00
jumbopackets 0f2ddd9abe Change username input tag's type attribute from "username" to "text"
"username" is not a valid value for the type attribute in an input tag,
which causes it to fail formal validation.  Probably would never
*really* affect anything, but...you know...
2017-03-26 15:55:43 -04:00
Mathew Fleisch a1471e3a76 Added “console” and spiffed up the layout/design a bit. 2017-03-26 06:29:27 -07:00
Mathew Fleisch 7368fc9b19 Added switch directory location to log file 2017-03-25 11:40:16 -07:00
Mathew Fleisch 84f07261ba Remove hard-coded switch directory in place of bunny_helper variable 2017-03-25 11:39:12 -07:00
Mathew Fleisch 0635da0933 Added Read-me doc and made some slight bug fixes 2017-03-24 17:37:43 -07:00
Mathew Fleisch ef456ab581 Fix readme doc 2017-03-24 17:37:11 -07:00
Mathew Fleisch 92e2ed509f Added Read-me doc and made some slight bug fixes 2017-03-24 17:36:10 -07:00
Mathew Fleisch 2c21fa6248 fix which php bug 2017-03-24 16:14:57 -07:00
Mathew Fleisch ac1c6020f9 Add check for php and install if it isn't found 2017-03-24 16:04:45 -07:00
Mathew Fleisch f8614a3c1a Initial commit of the "BrowserBunny" payload
This payload is intended to be able to quickly switch out payloads in the other available switch directory.
2017-03-24 15:34:31 -07:00
oXis 10966f7dc8 New version, fully offline 2017-03-23 20:18:37 +00:00
oXis dc47035272 Merge remote-tracking branch 'upstream/master' 2017-03-23 20:03:57 +00:00
Darren Kitchen 46e65e5eff Merge pull request #96 from surrealalucard/master
Modified smb_exfil to be more hidden
2017-03-23 09:17:35 +07:00
Darren Kitchen 67005a8b0d Updated LED status and added discussion link 2017-03-23 07:55:59 +07:00
Sebastian Kinne 7bbb092d54 Merge pull request #59 from audibleblink/payload/shellexec
[PAYLOAD] - ShellExec
2017-03-23 08:48:05 +11:00
Surreal 2978c85d6a Updated smb_exfiltrator to be more hidden
Modified -WindowStyle to be hidden instead of minimized
2017-03-22 16:13:32 -04:00
Darren Kitchen e73dd7df9e Merge pull request #86 from hak5darren/master
Add SMB Exfiltrator Payload
2017-03-22 22:16:51 +07:00
Darren Kitchen 42819e4e6b Add SMB Exfiltrator Payload
This is an awesome payload check out Hak5 episode 2202
2017-03-21 14:12:41 +07:00
Sebastian Kinne c9e41fc7d9
Payload: Fixed CaptivePortal 2017-03-21 08:19:12 +11:00
oXis e60512e4a1 fix delay 2017-03-18 12:25:03 +00:00
oXis 21abacc54f add firefox support 2017-03-18 12:09:34 +00:00
oXis 1ecaddbf55 add WindowsCookies payload 2017-03-17 19:59:11 +00:00
oXis 55aeb316af fix 2017-03-17 19:57:41 +00:00
oXis 62f185e5ff Add WindowsCookies payload 2017-03-17 19:52:40 +00:00
Alex Flores 8582c62376 iptables are always the answer 2017-03-16 18:22:38 -04:00
Alex Flores 448aea41c3 monkey patch fqdn search in BaseHTTPServer 2017-03-16 18:07:15 -04:00
Sebastian Kinne 14472b2a05 Merge pull request #65 from mathew-fleisch/master
Payload: Fixed a bug and updated the read-me doc.
2017-03-17 06:54:27 +11:00
Mathew Fleisch afd4e45e6c Updated read-me 2017-03-16 12:33:56 -07:00
Mathew Fleisch 9dab90d52a Moved log file location and changed how the /dev/nandf mount is detected. 2017-03-16 11:45:19 -07:00
Mathew Fleisch c9f037ee9d Use wild card instead of explicit directory numbers 2017-03-16 11:12:24 -07:00
Mathew Fleisch a1fcf6d584 Added better logging for debugging and updated read-me 2017-03-16 10:29:11 -07:00
Mathew Fleisch 00a365a706 Fixed a bug and updated the read-me doc. 2017-03-15 22:19:43 -07:00
Sebastian Kinne aa6bc50c39 Merge pull request #40 from ralphyz/master
Reverse Shell - with auto-increment port
2017-03-16 10:34:57 +11:00
Sebastian Kinne 3c5046f907 Merge pull request #60 from hak5darren/master
Add 90sMode Payload for immense fun
2017-03-16 07:57:05 +11:00
Alex Flores da987207f6 made some edits
* removed the paranoia mount. we don't need to test that the kernel
is doing it's job when mount fstab

* log to a persistent location

* edited ignore loop to include hidden directories
2017-03-15 15:44:01 -04:00
Mathew Fleisch d1598208c2 Minor changes and cleanup 2017-03-15 08:47:09 -07:00
Mathew Fleisch a30bd97954 Made some changes based on audibleblink's suggestions/comments 2017-03-15 08:29:28 -07:00
Darren Kitchen 47c863e5b5 Add 90sMode Payload for immense fun 2017-03-15 21:36:36 +07:00
Alex Flores b30ff86c2c add ShellExec payload 2017-03-15 02:30:29 -04:00
Mathew Fleisch d094d2c6e0 Payload to automatically set up/update git repo
This payload was made in collaboration with audibleblink through irc. We both came up with the same idea, but I took it a step further, by adding a git-pull/update after the first payload execution. Original repo at https://github.com/mathew-fleisch/Git-Bunny-Git
2017-03-14 21:43:53 -07:00
Sebastian Kinne 8a07d71927 Merge pull request #45 from GermanNoob/master
Updated install.sh to solve problems mentioned in forum
2017-03-14 14:05:20 +11:00
Sebastian Kinne 6c84710e9e Merge pull request #49 from audibleblink/update/smacandgrab
Payload: smacandgrab - adds comments and apple keyboard vid/pid
2017-03-14 13:50:39 +11:00
Sebastian Kinne 1e8406bc38 Merge pull request #52 from mrt0mat0/MRS
Add Mac Reverse Shell payload
2017-03-14 13:48:03 +11:00
Chris 70af321846 MRS initial add of reverse shell for mac 2017-03-13 21:50:31 -04:00
Chris 00684c8857 MRS initial add of reverse shell for mac 2017-03-13 21:45:07 -04:00
Alex Flores 6e5aeb2cfa mod hid/pid to show as apple keyboard 2017-03-13 18:57:54 -04:00
Alex Flores 0fd8973e12 fixes broken code
- fixes lootdir path
  - dont capitalize var names that aren't exported
  - indentation
  - escape shell characters that are passed to QUACK
  - account for variable copy times by joining cp and exit commands
  - sync the disk
2017-03-13 14:58:25 -04:00
Alex Flores 889723f455 version bump 2017-03-13 14:32:33 -04:00
Alex Flores f65e5ef2f2 red means failure; add amber light 2017-03-13 14:31:47 -04:00
Alex Flores 16c461d850 adds code comments 2017-03-13 10:25:04 -04:00
Sebastian Kinne f272fedbe1 Merge pull request #36 from audibleblink/master
Added Dynamic macOS file backups payload
2017-03-13 11:10:49 +11:00
Sebastian Kinne e797ad2e93 Merge pull request #46 from samdeg555/master
Add WiPassDump payload
2017-03-13 11:03:30 +11:00
Alex Flores 757c8a54fb adds mac pilfering payload 2017-03-12 19:55:32 -04:00
samdeg555 b0a130f96a Update payload.txt 2017-03-12 12:52:56 -04:00
samdeg555 cb0948a56e Update readme.md 2017-03-12 12:26:36 -04:00
samdeg555 9723480f9b Update payload.txt 2017-03-12 12:26:07 -04:00
samdeg555 c103288320 WiPassDump
Runs powershell as Administrator, bypasses UAC and dumps cleartext Wi-Fi passwords and infos to the Bash Bunny.
2017-03-12 12:24:28 -04:00
GermanNoob adb60ec163 added the use of bunny_helpers.sh
by the use of bunny_helpers.sh possible problems with the command "find" are avoided. If the user only copies the payload from the library folder then find will find two destinations for the portal.html and therefore the script will fail.
2017-03-12 15:03:25 +01:00
GermanNoob d756033c99 Updated install.sh to solve problems mentioned in forum
Within the forum https://forums.hak5.org/index.php?/topic/40237-install-tools/
there were several problems mentioned which are solved with this update:

1. No need to move instead of copying tools_to_install to the switch directory due to use of bunny_helpers.sh
2. Check if everything is copied works even when the user OS has added hidden files (removing hidden files before test)
2017-03-12 14:09:03 +01:00
Whistle Master 5dcef93e60 BunnyTap 2017-03-12 10:58:11 +01:00
ralphyz 938be26260 RAZ_VBScript
This payload executes a VBScript as the payload.  The sample VBScript creates a netcat reverse shell, but any VBScript can be substituted.  netcat.exe must be sourced elsewhere.
2017-03-10 19:51:19 -05:00
ralphyz c699fb6b72 Add files via upload
A simple script to create a netcat reverse shell. For Red Teamers - you can auto_increment the listener port by setting a flag to true in payload.txt.  netcat.exe is not included and must be sourced elsewhere.
2017-03-10 15:55:23 -05:00
Sebastian Kinne 5453f32a6c Merge pull request #24 from WatskeBart/patch-2
Update payload.txt
2017-03-10 10:16:47 +11:00
Sebastian Kinne 4447a5b287 Merge pull request #22 from kevthehermit/DuckyInstall
Update DuckToolkit to latest release
2017-03-10 10:16:09 +11:00
Sebastian Kinne 76be68b96d Merge pull request #23 from WatskeBart/patch-1
Update DuckyInstall install.sh
2017-03-10 09:58:48 +11:00
Sebastian Kinne 984d0ea829 Merge pull request #14 from IMcPwn/executableinstaller
Add bunny_helpers.sh to ExecutableInstaller
2017-03-10 09:54:08 +11:00
Sebastian Kinne 21848f89cd Merge pull request #17 from honourity/master
usb_exfiltration - added escape character for quack command variable
2017-03-10 09:45:57 +11:00
Sebastian Kinne e5bac68ea2 Merge pull request #21 from treed593/patch-1
Rename readme.txt to readme.md
2017-03-10 09:38:32 +11:00
bobmcdouble3 f0fff03845 Add files via upload 2017-03-09 07:01:33 -05:00
bobmcdouble3 dfeb225409 Add files via upload 2017-03-08 19:40:47 -05:00