Commit Graph

805 Commits (master)

Author SHA1 Message Date
panicacid 980debd8c0
Created FollinaBunny a PoC payload that leverages CVE-2022-30190 (#530)
* New Payload

Added new PrintNightmare Payload (Quick and dirty)

* Fixed my potty mouth

I'm a child sometimes

* Renamed Payload

* PrintNightmare: Use SWITCH_POSITION in payload path

* Fixing a typo

* Added Delays

Added some delays due to the fact that it was inconsistently reliable, occasionally it'd half type out the command. The delays have resolved the consistency issue on my end. Feel free to tweak as required.

* Amending Version Number

I'm a fool

* Updated Readme with proper credit

* Housekeeping

Moved some of the QUACK Powershell commands into the juicybit.txt file for speed and ease of use.

* Update README.md

* More improvement

Added exit to the juicybits rather than using alt  and /noprofile to the run as

* Update README.md

* Pineapple-Connect-Windows New Payload For Connecting Client To Pineapple AP / Any AP

Pineapple-Connect-Windows new Bashbunny payload for connecting target machine quickly and efficiently to your Pineapple AP or an AP of your choosing (and control!)

* Changed from RUN WIN to QUACK STRING

Changed from RUN WIN to QUACK STRING as I was having issues with the formatting, presume it needs wrapping in quotes or something but it just kept breaking. QUACK STRING works fine so meh

* Added command to cover traks at the end of the script

added a line of powershell to clean out the run registry key to hide any evidence of the script running

* Added FollinaBunny

Added a new payload which leverages CVE-2022-30190 to execute code based on a malicious website hosted on the bunny itself.

Co-authored-by: Marc <foxtrot@malloc.me>
Co-authored-by: Marc <foxtrot@realloc.me>
2022-06-01 12:05:20 -05:00
TW-D 80573a03ab
fake-sudo - Improvements and corrections (#528)
* Update README.md

* Update sudo-phishing.sh

* Update sudo-phishing.sh

* Delete payloads/library/phishing/fake-sudo directory

* Add files via upload
2022-05-29 16:21:12 -05:00
0iphor13 d5f9923b2a
Merge branch 'hak5:master' into master 2022-05-25 22:14:00 +02:00
I-Am-Jakoby 49c8edf636
Add files via upload (#523) 2022-05-19 13:33:06 -05:00
I-Am-Jakoby 145ffc36f6
New Payload - SafeHaven (#525)
* Add files via upload

* Update README.md
2022-05-19 13:26:50 -05:00
I-Am-Jakoby 791cc4e1aa
Add files via upload (#524) 2022-05-17 16:35:51 -05:00
TW-D dfe52e6a5c
Add "Fake sudo" (#522)
* Add "Fake sudo"

1) Copies the "sudo" command spoofing program to the user's home directory.
2) Defines a new persistent "sudo" alias with the file "~/.bash_aliases".
3) When the user "sudoer" executes the command "sudo" in a terminal, the spoofing program :
- __By default__ retrieves the username and password and writes them to "/tmp/.sudo_password".
- __But__ this behavior can be changed in line 21 of the "sudo-phishing.sh" file.
4) After sending, the spoofing program deletes the "sudo" alias. Then it deletes itself.

* Update README.md

* Update sudo-phishing.sh
2022-05-12 10:26:34 -05:00
I-Am-Jakoby 22b39a2469
11 payloads (#521)
* Add files via upload

* Add files via upload

* Add files via upload

* Add files via upload

* Add files via upload
2022-05-10 17:30:46 -05:00
0iphor13 44975914d5
Uploaded ReverseBunnySSL (#520)
* Uploaded ReverseBunny

Obfuscated reverse shell via powershell

* Uploaded WifiSnatch

Get your targets stored wifi information and credentials, store them on your Bashbunny and hop away 🐇

* Update ReverseBunny.txt

Changed payload to evade Windows Defender

* Update payload.txt

Added new "Eject Method" - props to Night(9o3)

* Update README.md

* Deleted ReverseBunny.txt

Deleted because of higher risk to get caught by AV

* Updated ReverseBunny to version 1.2

Updated ReverseBunny to version 1.2.
- Deleted payload on disk because of AV
- Added custom shell design

* Updated ReverseBunny to version 1.2

Updated README for ReverseBunny update

* Updated payload

fixed some stupid left overs <3

* Uploaded pingUinBunny

a reverse shell using icmp

* Delete payloads/library/remote_access/switch1 directory

* Uploaded pingUinBunny

A reverse shell using icmp

* Update README.md

* Update README.md

* Updated to PingZhell

* Update Bunny.pl

* Update README.md

* Update README.md

* Update payload.txt

* Rename payloads/library/remote_access/pingUinBunny/Bunny.pl to payloads/library/remote_access/PingZhellBunny/Bunny.pl

* Rename payloads/library/remote_access/pingUinBunny/PingZhell.ps1 to payloads/library/remote_access/PingZhellBunny/PingZhell.ps1

* Rename payloads/library/remote_access/pingUinBunny/README.md to payloads/library/remote_access/PingZhellBunny/README.md

* Rename payloads/library/remote_access/pingUinBunny/payload.txt to payloads/library/remote_access/PingZhellBunny/payload.txt

* Update payload.txt

* Update README.md

* Update README.md

* Update Bunny.pl

* Created ProcDumpBunny

Dump lsass.exe with a renamed version of procdump and get the users hashes with Mimikatz

* Update README.md

* Update payload.txt

* Updated ReverseBunny

Fixed wrong DELAY commands

* Updated PingZhellBunny

Fixed wrong DELAY commands

* Updated WifiSnatch

Fixed multiple mistakes

* Uploaded HashDumpBunny

Use your BashBunny to dump the user hashes of your target - similar to the msf post-module.
The script was obfuscated with multiple layers, so don't be confused.
If you don't trust this script, run it within a save testing space - which should be best practice anyways ;)

* added example picture

* Update README.md

* Uploaded SessionBunny

Utilize SessionGopher (Slightly modified) to find PuTTY, WinSCP, and Remote Desktop saved sessions. It decrypts saved passwords for WinSCP.
Extracts FileZilla, SuperPuTTY's saved session information in the sitemanager.xml file and decodes saved passwords.

Afterwards decide which is important and what you want to save onto your BashBunny.

* Uploaded SessionBunny

Utilize the famous, here slightly modified SessionGopher script, to find PuTTY, WinSCP, and Remote Desktop saved sessions. It decrypts saved passwords for WinSCP.
Extracts FileZilla, SuperPuTTY's saved session information in the sitemanager.xml file and decodes saved passwords.

Decide which inforamtion you wanna take with you - save it onto your BashBunny!

* Update README.md

* Delete SessionBunny directory

* Uploaded MiniDumpBunny

Dump lsass with this rewritten and for BashBunny adapted version of Powersploits Out-MiniDump.

* Update README.md

added disclaimer

* Update README.md

* Update README.md

* Update README.md

* Uploaded ReverseBunnySSL

* Update README.md

* Update README.md

* Update payload.txt

* Update README.md
2022-05-09 15:00:43 -05:00
0iphor13 8e73e0248e
Update README.md 2022-05-08 13:27:48 +02:00
0iphor13 71651b3f7b
Update payload.txt 2022-05-08 13:27:28 +02:00
0iphor13 fd56992d11
Update README.md 2022-05-08 13:25:55 +02:00
0iphor13 2795d3096b
Update README.md 2022-05-08 13:25:02 +02:00
0iphor13 86c1523a77
Uploaded ReverseBunnySSL 2022-05-08 13:24:35 +02:00
0iphor13 eb5600aeab
Merge branch 'hak5:master' into master 2022-05-08 13:24:05 +02:00
drapl0n b59823da1e
Uploading BLE_EXFIL extension (#519)
* Uploaded BunnyLogger

* uploading payload intel

* Create README.md

* Update README.md

* uploaded LinuxPreter

* uploaded FileRipper

Faster executing version

* Update README.md

* fixing typo

* uploaded sudoSnatch

* Update README.md

* deleting sudoSnatch

* uploading payload

* Delete payload.sh

* Delete shell

* Delete systemBus

* Delete camPeek directory

* Update payload.sh

* Update payload.sh

* Delete payloads/library/execution/FileRipper directory

* Update payload.sh

* Update payload.sh

* Update payload.sh

* Update payload.sh

* uploading BLE_EXFIL extension

BLE_EXFIL extension, exfiltrates data via BLE

* BLE_EXFIL demo
2022-05-02 16:47:53 -05:00
drapl0n c00d27240b
BLE_EXFIL demo 2022-04-30 08:58:53 +05:30
drapl0n fd74db9f60
uploading BLE_EXFIL extension
BLE_EXFIL extension, exfiltrates data via BLE
2022-04-30 08:53:19 +05:30
drapl0n cd5cdc1470
Merge branch 'hak5:master' into master 2022-04-30 08:45:36 +05:30
KarrotKak3 f12c486e12
Add files via upload (#518)
New Payload. FireSnatcher
2022-04-29 18:05:40 -05:00
cribb-it 3f41494153
New Payload - KeyManger Backup (#517)
* New Payload - KeyManger Backup

* Update Desc
2022-04-20 14:04:44 -05:00
0iphor13 1eef8dc006
Updated README.md (#513)
* Uploaded ReverseBunny

Obfuscated reverse shell via powershell

* Uploaded WifiSnatch

Get your targets stored wifi information and credentials, store them on your Bashbunny and hop away 🐇

* Update ReverseBunny.txt

Changed payload to evade Windows Defender

* Update payload.txt

Added new "Eject Method" - props to Night(9o3)

* Update README.md

* Deleted ReverseBunny.txt

Deleted because of higher risk to get caught by AV

* Updated ReverseBunny to version 1.2

Updated ReverseBunny to version 1.2.
- Deleted payload on disk because of AV
- Added custom shell design

* Updated ReverseBunny to version 1.2

Updated README for ReverseBunny update

* Updated payload

fixed some stupid left overs <3

* Uploaded pingUinBunny

a reverse shell using icmp

* Delete payloads/library/remote_access/switch1 directory

* Uploaded pingUinBunny

A reverse shell using icmp

* Update README.md

* Update README.md

* Updated to PingZhell

* Update Bunny.pl

* Update README.md

* Update README.md

* Update payload.txt

* Rename payloads/library/remote_access/pingUinBunny/Bunny.pl to payloads/library/remote_access/PingZhellBunny/Bunny.pl

* Rename payloads/library/remote_access/pingUinBunny/PingZhell.ps1 to payloads/library/remote_access/PingZhellBunny/PingZhell.ps1

* Rename payloads/library/remote_access/pingUinBunny/README.md to payloads/library/remote_access/PingZhellBunny/README.md

* Rename payloads/library/remote_access/pingUinBunny/payload.txt to payloads/library/remote_access/PingZhellBunny/payload.txt

* Update payload.txt

* Update README.md

* Update README.md

* Update Bunny.pl

* Created ProcDumpBunny

Dump lsass.exe with a renamed version of procdump and get the users hashes with Mimikatz

* Update README.md

* Update payload.txt

* Updated ReverseBunny

Fixed wrong DELAY commands

* Updated PingZhellBunny

Fixed wrong DELAY commands

* Updated WifiSnatch

Fixed multiple mistakes

* Uploaded HashDumpBunny

Use your BashBunny to dump the user hashes of your target - similar to the msf post-module.
The script was obfuscated with multiple layers, so don't be confused.
If you don't trust this script, run it within a save testing space - which should be best practice anyways ;)

* added example picture

* Update README.md

* Uploaded SessionBunny

Utilize SessionGopher (Slightly modified) to find PuTTY, WinSCP, and Remote Desktop saved sessions. It decrypts saved passwords for WinSCP.
Extracts FileZilla, SuperPuTTY's saved session information in the sitemanager.xml file and decodes saved passwords.

Afterwards decide which is important and what you want to save onto your BashBunny.

* Uploaded SessionBunny

Utilize the famous, here slightly modified SessionGopher script, to find PuTTY, WinSCP, and Remote Desktop saved sessions. It decrypts saved passwords for WinSCP.
Extracts FileZilla, SuperPuTTY's saved session information in the sitemanager.xml file and decodes saved passwords.

Decide which inforamtion you wanna take with you - save it onto your BashBunny!

* Update README.md

* Delete SessionBunny directory

* Uploaded MiniDumpBunny

Dump lsass with this rewritten and for BashBunny adapted version of Powersploits Out-MiniDump.

* Update README.md

added disclaimer

* Update README.md

* Update README.md

* Update README.md
2022-04-17 14:47:41 -05:00
drapl0n 797cf561d5
persistentReverseBunny (#515)
* persistentReverseBunny

Added obfuscation layer by completely encoding reverse shell mechanism.

* fixing typo

* adding payload
2022-04-14 16:10:51 -05:00
drapl0n bd4ec90d04
Changing systemd Unit (#514)
* Uploaded BunnyLogger

* uploading payload intel

* Create README.md

* Update README.md

* uploaded LinuxPreter

* uploaded FileRipper

Faster executing version

* Update README.md

* fixing typo

* uploaded sudoSnatch

* Update README.md

* deleting sudoSnatch

* uploading payload

* Delete payload.sh

* Delete shell

* Delete systemBus

* Delete camPeek directory

* Update payload.sh

* Update payload.sh

* Delete payloads/library/execution/FileRipper directory

* Update payload.sh

* Update payload.sh

* Update payload.sh

* Update payload.sh
2022-04-14 16:09:21 -05:00
drapl0n 0c82f52167
Update payload.sh 2022-04-14 20:19:03 +05:30
drapl0n 45e4bd1d38
Update payload.sh 2022-04-14 20:17:28 +05:30
drapl0n 0829d88f02
Update payload.sh 2022-04-14 20:16:59 +05:30
drapl0n 5a0e445023
Update payload.sh 2022-04-14 20:16:14 +05:30
drapl0n 4e2593beb4
Delete payloads/library/execution/FileRipper directory 2022-04-14 20:15:21 +05:30
drapl0n 7917c1b60d
Update payload.sh 2022-04-14 20:14:33 +05:30
drapl0n ed7872815d
Update payload.sh 2022-04-14 20:13:20 +05:30
drapl0n 773073a057
Merge branch 'hak5:master' into master 2022-04-14 20:11:52 +05:30
0iphor13 7ee6003cb7
Update README.md 2022-04-11 12:07:35 +02:00
0iphor13 f0edfaf53c
Merge branch 'hak5:master' into master 2022-04-08 17:04:46 +02:00
0iphor13 e11f9281cb
Updated ReadMe (#512)
* Uploaded ReverseBunny

Obfuscated reverse shell via powershell

* Uploaded WifiSnatch

Get your targets stored wifi information and credentials, store them on your Bashbunny and hop away 🐇

* Update ReverseBunny.txt

Changed payload to evade Windows Defender

* Update payload.txt

Added new "Eject Method" - props to Night(9o3)

* Update README.md

* Deleted ReverseBunny.txt

Deleted because of higher risk to get caught by AV

* Updated ReverseBunny to version 1.2

Updated ReverseBunny to version 1.2.
- Deleted payload on disk because of AV
- Added custom shell design

* Updated ReverseBunny to version 1.2

Updated README for ReverseBunny update

* Updated payload

fixed some stupid left overs <3

* Uploaded pingUinBunny

a reverse shell using icmp

* Delete payloads/library/remote_access/switch1 directory

* Uploaded pingUinBunny

A reverse shell using icmp

* Update README.md

* Update README.md

* Updated to PingZhell

* Update Bunny.pl

* Update README.md

* Update README.md

* Update payload.txt

* Rename payloads/library/remote_access/pingUinBunny/Bunny.pl to payloads/library/remote_access/PingZhellBunny/Bunny.pl

* Rename payloads/library/remote_access/pingUinBunny/PingZhell.ps1 to payloads/library/remote_access/PingZhellBunny/PingZhell.ps1

* Rename payloads/library/remote_access/pingUinBunny/README.md to payloads/library/remote_access/PingZhellBunny/README.md

* Rename payloads/library/remote_access/pingUinBunny/payload.txt to payloads/library/remote_access/PingZhellBunny/payload.txt

* Update payload.txt

* Update README.md

* Update README.md

* Update Bunny.pl

* Created ProcDumpBunny

Dump lsass.exe with a renamed version of procdump and get the users hashes with Mimikatz

* Update README.md

* Update payload.txt

* Updated ReverseBunny

Fixed wrong DELAY commands

* Updated PingZhellBunny

Fixed wrong DELAY commands

* Updated WifiSnatch

Fixed multiple mistakes

* Uploaded HashDumpBunny

Use your BashBunny to dump the user hashes of your target - similar to the msf post-module.
The script was obfuscated with multiple layers, so don't be confused.
If you don't trust this script, run it within a save testing space - which should be best practice anyways ;)

* added example picture

* Update README.md

* Uploaded SessionBunny

Utilize SessionGopher (Slightly modified) to find PuTTY, WinSCP, and Remote Desktop saved sessions. It decrypts saved passwords for WinSCP.
Extracts FileZilla, SuperPuTTY's saved session information in the sitemanager.xml file and decodes saved passwords.

Afterwards decide which is important and what you want to save onto your BashBunny.

* Uploaded SessionBunny

Utilize the famous, here slightly modified SessionGopher script, to find PuTTY, WinSCP, and Remote Desktop saved sessions. It decrypts saved passwords for WinSCP.
Extracts FileZilla, SuperPuTTY's saved session information in the sitemanager.xml file and decodes saved passwords.

Decide which inforamtion you wanna take with you - save it onto your BashBunny!

* Update README.md

* Delete SessionBunny directory

* Uploaded MiniDumpBunny

Dump lsass with this rewritten and for BashBunny adapted version of Powersploits Out-MiniDump.

* Update README.md

added disclaimer

* Update README.md

* Update README.md
2022-04-08 09:43:17 -05:00
drapl0n 614b70bb8f
Uploading ScreenGrab (#511)
* uploading screenGrab

screenGrab payload captures snap shots of target's screen periodically and store them into bunny.

* Uploading payload
2022-04-08 09:31:30 -05:00
drapl0n 46d069c0a9
uploaded imagesOfYore (#510)
* uploaded imagesOfYore

imagesOfYore payload steals every image that target ever had in his disk.

* Delete payload.txt

* uploading imagesOfYore
2022-04-08 09:25:24 -05:00
drapl0n 55d34722fd
uploading bunnyDOS (#509)
* uploading bunnyDOS

bunnyDOS payload intelligently search target's network for open http(configurable for https) ports and performs DOS on it.

* Delete payload.txt

* Add files via upload
2022-04-08 09:23:03 -05:00
0iphor13 ed07188c3a
Update README.md 2022-04-06 08:17:41 +02:00
0iphor13 c93463ccf6
Update README.md 2022-04-06 08:10:13 +02:00
0iphor13 d5c1f5d037
Update README.md
added disclaimer
2022-04-04 12:55:58 +02:00
0iphor13 a91c2b80d0
Merge branch 'hak5:master' into master 2022-04-04 12:54:28 +02:00
drapl0n 0fccb70651
Delete camPeek directory 2022-04-01 22:10:59 +05:30
drapl0n afee861549
Delete systemBus 2022-04-01 22:09:46 +05:30
drapl0n 564be0e217
Delete shell 2022-04-01 22:09:37 +05:30
drapl0n 82874a3e87
Delete payload.sh 2022-04-01 22:09:30 +05:30
drapl0n c56bb8791f
Merge branch 'hak5:master' into master 2022-04-01 21:41:06 +05:30
drapl0n 7bd90b7308
uploaded camPeek (#508)
* uploaded camPeek

camPeek payload peeks through targets web cam and capture images

* Delete payload.txt

* uploading payload
2022-04-01 11:05:39 -05:00
drapl0n 53e4bdfef7
Merge branch 'hak5:master' into master 2022-04-01 21:34:01 +05:30
drapl0n 8f2f2f94f5
uploading payload 2022-04-01 21:33:41 +05:30