* Add "PwnKit Vulnerability" - LPE
The Qualys Research Team has discovered a memory corruption
vulnerability in polkit’s pkexec, a SUID-root program that
is installed by default on every major Linux distribution.
* Add Credits to README.MD
* pwnkit: Move to shorter directory name
* pwnkit: Add compiled version
* pwnkit: Copy built binaries instead of compiling
* make it executable
* add credits
Co-authored-by: Marc <foxtrot@malloc.me>
* Uploaded ReverseBunny
Obfuscated reverse shell via powershell
* Uploaded WifiSnatch
Get your targets stored wifi information and credentials, store them on your Bashbunny and hop away 🐇
* Update ReverseBunny.txt
Changed payload to evade Windows Defender
* Update payload.txt
Added new "Eject Method" - props to Night(9o3)
* Update README.md
* Deleted ReverseBunny.txt
Deleted because of higher risk to get caught by AV
* Updated ReverseBunny to version 1.2
Updated ReverseBunny to version 1.2.
- Deleted payload on disk because of AV
- Added custom shell design
* Updated ReverseBunny to version 1.2
Updated README for ReverseBunny update
* Updated payload
fixed some stupid left overs <3
* Uploaded pingUinBunny
a reverse shell using icmp
* Delete payloads/library/remote_access/switch1 directory
* Uploaded pingUinBunny
A reverse shell using icmp
* Update README.md
* Update README.md
* Updated to PingZhell
* Update Bunny.pl
* Update README.md
* Update README.md
* Update payload.txt
* Rename payloads/library/remote_access/pingUinBunny/Bunny.pl to payloads/library/remote_access/PingZhellBunny/Bunny.pl
* Rename payloads/library/remote_access/pingUinBunny/PingZhell.ps1 to payloads/library/remote_access/PingZhellBunny/PingZhell.ps1
* Rename payloads/library/remote_access/pingUinBunny/README.md to payloads/library/remote_access/PingZhellBunny/README.md
* Rename payloads/library/remote_access/pingUinBunny/payload.txt to payloads/library/remote_access/PingZhellBunny/payload.txt
* Update payload.txt
* Update README.md
* Update README.md
* Update Bunny.pl
* Created ProcDumpBunny
Dump lsass.exe with a renamed version of procdump and get the users hashes with Mimikatz
* Update README.md
* Update payload.txt
* Desktop Flooder
downloads an image from a link and saves it, then copies the images all over the desktop.
* Update README.md
* Update README.md
* Update README.md
* Update payload.txt
* Add Win_SSLKeyLog
Captures the client network session.
Captures the client side session keys.
1) Partially avoids "PowerShell Script Block Logging".
2) Closing of all windows.
3) Hide "PowerShell" window.
4) Check if current process have "Administrator" privilege.
5) Sets the "SSLKEYLOGFILE" environment variable to store SSL session key information.
6) Starts a "Network Tracing Session" with "ETW (Event Tracing for Windows)".
7) Writes the file system cache to disk (thanks to @dark_pyrro).
8) Safely eject (thanks to @Night (9o3)).
* Correction of some information in "README.md"
1) Change "monitor-timeout (AC and DC)" at NEVER with "powercfg" utility.
2) Change "standby-timeout (AC and DC)" at NEVER with "powercfg" utility.
3) Retrieve the current username.
4) Full-screen opening of the phishing HTML page using the default web browser with a random wallpaper.
5) The "Bash Bunny" can be removed because the files are cached in the web browser.
6) The password will be sent by HTTP POST to the URL specified in the "DROP_URL" constant.
* Uploaded ReverseBunny
Obfuscated reverse shell via powershell
* Uploaded WifiSnatch
Get your targets stored wifi information and credentials, store them on your Bashbunny and hop away 🐇
* Update ReverseBunny.txt
Changed payload to evade Windows Defender
* Update payload.txt
Added new "Eject Method" - props to Night(9o3)
* Update README.md
* Deleted ReverseBunny.txt
Deleted because of higher risk to get caught by AV
* Updated ReverseBunny to version 1.2
Updated ReverseBunny to version 1.2.
- Deleted payload on disk because of AV
- Added custom shell design
* Updated ReverseBunny to version 1.2
Updated README for ReverseBunny update
* Updated payload
fixed some stupid left overs <3
* Uploaded pingUinBunny
a reverse shell using icmp
* Delete payloads/library/remote_access/switch1 directory
* Uploaded pingUinBunny
A reverse shell using icmp
* Update README.md
* Update README.md
* Updated to PingZhell
* Update Bunny.pl
* Update README.md
* Update README.md
* Update payload.txt
* Rename payloads/library/remote_access/pingUinBunny/Bunny.pl to payloads/library/remote_access/PingZhellBunny/Bunny.pl
* Rename payloads/library/remote_access/pingUinBunny/PingZhell.ps1 to payloads/library/remote_access/PingZhellBunny/PingZhell.ps1
* Rename payloads/library/remote_access/pingUinBunny/README.md to payloads/library/remote_access/PingZhellBunny/README.md
* Rename payloads/library/remote_access/pingUinBunny/payload.txt to payloads/library/remote_access/PingZhellBunny/payload.txt
* Update payload.txt
* Update README.md
* Update README.md
* Update Bunny.pl
* Add files via upload
* Update readme.md
* Update readme.md
* Update payload.txt
* Update readme.md
* fix rebase errors
* Fix for rebase
* Fix for fewer details
* Extensions: Add wait_for BTLE extensions
* Quick and Dirty PrintNightmare Payload (#432)
* New Payload
Added new PrintNightmare Payload (Quick and dirty)
* Fixed my potty mouth
I'm a child sometimes
* Renamed Payload
* PrintNightmare: Use SWITCH_POSITION in payload path
* Fixing a typo
Co-authored-by: Marc <foxtrot@malloc.me>
* Bugfix (#433)
* New Payload
Added new PrintNightmare Payload (Quick and dirty)
* Fixed my potty mouth
I'm a child sometimes
* Renamed Payload
* PrintNightmare: Use SWITCH_POSITION in payload path
* Fixing a typo
* Added Delays
Added some delays due to the fact that it was inconsistently reliable, occasionally it'd half type out the command. The delays have resolved the consistency issue on my end. Feel free to tweak as required.
* Amending Version Number
I'm a fool
* Updated Readme with proper credit
Co-authored-by: Marc <foxtrot@malloc.me>
* General Imrovements to PrintNightmare (#434)
* Housekeeping
Moved some of the QUACK Powershell commands into the juicybit.txt file for speed and ease of use.
* Update README.md
* More improvement
Added exit to the juicybits rather than using alt and /noprofile to the run as
* Update README.md
Co-authored-by: Marc <foxtrot@realloc.me>
* New Payload - Excel QR Rickroll
Co-authored-by: Marc <foxtrot@malloc.me>
Co-authored-by: panicacid <steve@pcquicktips.net>
Co-authored-by: Marc <foxtrot@realloc.me>
Uses the "SanDisk Wireless Stick" for files exfiltration.
1) Avoids "PowerShell Script Block Logging".
2) Hide "PowerShell" window.
3) Deletes Wi-Fi connection profiles in automatic mode, each deletion causes a disconnection.
4) Adds the profile for the "SanDisk Connect Wireless Stick" in automatic mode.
5) Checks whether the Wi-Fi interface is connected to the "SanDisk" and whether the gateway can be reached, if not, automatically starts again.
6) Exfiltration of the files via the HTTP channel.
* Exfiltrate using Windows utility SmartFileExtract
Script to find all files that a) have filenames with the word "pass" or "secret" in them or b) are standard .DOC files and copy them to loot. SmartFileExtract is used to kill the copy after 500 MBs and / or 90 seconds and will display the copy status using a fake install window.
Dependencies:
Binary (SmartFileExtract.exe) from https://github.com/saintcrossbow/SmartFileExtract
* New Exfiltration: Smart Data Thief
Timed exfiltration attack targeting high value data and WiFi creds. Highly configurable to start / stop attack using BLE beacons, create distraction when aborting attack, and full shutdown for removal after attack complete.
* Revolver BLE controlled multi-attack
New payload: Revolver - a multi option attack controlled by BLE beacons. Plug in Bash Bunny and choose your attack based on what you need in the field.
* Bluetooth2
Bluetooth2 is a program that can use multiple triggers instead of waiting for just one and run different things depending on that trigger. Anyone willing to update it would be appreciated as it probably looks... not great.
* Update payload.txt
* Update payload.txt
* Update README.md
* Uploaded ReverseBunny
Obfuscated reverse shell via powershell
* Uploaded WifiSnatch
Get your targets stored wifi information and credentials, store them on your Bashbunny and hop away 🐇
* Update ReverseBunny.txt
Changed payload to evade Windows Defender
* Update payload.txt
Added new "Eject Method" - props to Night(9o3)
* Update README.md
* Deleted ReverseBunny.txt
Deleted because of higher risk to get caught by AV
* Updated ReverseBunny to version 1.2
Updated ReverseBunny to version 1.2.
- Deleted payload on disk because of AV
- Added custom shell design
* Updated ReverseBunny to version 1.2
Updated README for ReverseBunny update
* Updated payload
fixed some stupid left overs <3
Marc
TW-D
0iphor13
JustaProgrammer9
Jake Wimmer
StaDo0815
Overtime
cribb-it
saintcrossbow
scaery
Hacksawfred3232