Commit Graph

805 Commits (master)

Author SHA1 Message Date
Marc 96cfd80035
pwnkit: strip binaries 2022-01-29 17:30:36 +00:00
TW-D c06fd4aa80
Add "PwnKit Vulnerability" - LPE (#489)
* Add "PwnKit Vulnerability" - LPE

The Qualys Research Team has discovered a memory corruption 
vulnerability in polkit’s pkexec, a SUID-root program that 
is installed by default on every major Linux distribution.

* Add Credits to README.MD

* pwnkit: Move to shorter directory name

* pwnkit: Add compiled version

* pwnkit: Copy built binaries instead of compiling

* make it executable

* add credits

Co-authored-by: Marc <foxtrot@malloc.me>
2022-01-29 17:26:56 +00:00
TW-D 5e95ba3d40
Add Win_ProblemStepsRecorder (#488)
Abuse of "Windows Problem Steps Recorder" to spy on a user's activities.
2022-01-28 11:53:24 -06:00
0iphor13 287faf1f1e
Created ProcDumpBunny (#487)
* Uploaded ReverseBunny

Obfuscated reverse shell via powershell

* Uploaded WifiSnatch

Get your targets stored wifi information and credentials, store them on your Bashbunny and hop away 🐇

* Update ReverseBunny.txt

Changed payload to evade Windows Defender

* Update payload.txt

Added new "Eject Method" - props to Night(9o3)

* Update README.md

* Deleted ReverseBunny.txt

Deleted because of higher risk to get caught by AV

* Updated ReverseBunny to version 1.2

Updated ReverseBunny to version 1.2.
- Deleted payload on disk because of AV
- Added custom shell design

* Updated ReverseBunny to version 1.2

Updated README for ReverseBunny update

* Updated payload

fixed some stupid left overs <3

* Uploaded pingUinBunny

a reverse shell using icmp

* Delete payloads/library/remote_access/switch1 directory

* Uploaded pingUinBunny

A reverse shell using icmp

* Update README.md

* Update README.md

* Updated to PingZhell

* Update Bunny.pl

* Update README.md

* Update README.md

* Update payload.txt

* Rename payloads/library/remote_access/pingUinBunny/Bunny.pl to payloads/library/remote_access/PingZhellBunny/Bunny.pl

* Rename payloads/library/remote_access/pingUinBunny/PingZhell.ps1 to payloads/library/remote_access/PingZhellBunny/PingZhell.ps1

* Rename payloads/library/remote_access/pingUinBunny/README.md to payloads/library/remote_access/PingZhellBunny/README.md

* Rename payloads/library/remote_access/pingUinBunny/payload.txt to payloads/library/remote_access/PingZhellBunny/payload.txt

* Update payload.txt

* Update README.md

* Update README.md

* Update Bunny.pl

* Created ProcDumpBunny

Dump lsass.exe with a renamed version of procdump and get the users hashes with Mimikatz

* Update README.md

* Update payload.txt
2022-01-25 12:31:59 -06:00
0iphor13 4f57e587a1
Update payload.txt 2022-01-25 19:17:52 +01:00
0iphor13 2b489f864c
Update README.md 2022-01-25 19:16:31 +01:00
0iphor13 199c03cd85
Created ProcDumpBunny
Dump lsass.exe with a renamed version of procdump and get the users hashes with Mimikatz
2022-01-25 19:13:19 +01:00
0iphor13 bedcd433b7
Merge branch 'hak5:master' into master 2022-01-25 19:11:26 +01:00
JustaProgrammer9 fab1466896
so it actually works (#486)
I foolishly forgot to add a second backslash to $ImageName
2022-01-24 13:28:25 -06:00
JustaProgrammer9 f5292aa8ce
Desktop flooder (#479)
* Desktop Flooder

downloads an image from a link and saves it, then copies the images all over the desktop.

* Update README.md

* Update README.md

* Update README.md

* Update payload.txt
2022-01-21 19:02:26 -06:00
TW-D 95e1d22dee
Add Win_SSLKeyLog (#485)
* Add Win_SSLKeyLog

Captures the client network session.
Captures the client side session keys.

1) Partially avoids "PowerShell Script Block Logging".
2) Closing of all windows.
3) Hide "PowerShell" window.
4) Check if current process have "Administrator" privilege.
5) Sets the "SSLKEYLOGFILE" environment variable to store SSL session key information. 
6) Starts a "Network Tracing Session" with "ETW (Event Tracing for Windows)".
7) Writes the file system cache to disk (thanks to @dark_pyrro).
8) Safely eject (thanks to @Night (9o3)).

* Correction of some information in "README.md"
2022-01-21 18:53:08 -06:00
Jake Wimmer 4c1c8d47cd
Initial commit (#484) 2022-01-19 13:32:58 -06:00
0iphor13 50712f5c00
Merge branch 'hak5:master' into master 2022-01-08 13:36:03 +01:00
TW-D 8f28d0ab0e
"Microsoft Windows 10" Fake Logon Screen (#482)
1) Change "monitor-timeout (AC and DC)" at NEVER with "powercfg" utility.
2) Change "standby-timeout (AC and DC)" at NEVER with "powercfg" utility.
3) Retrieve the current username.
4) Full-screen opening of the phishing HTML page using the default web browser with a random wallpaper.
5) The "Bash Bunny" can be removed because the files are cached in the web browser.
6) The password will be sent by HTTP POST to the URL specified in the "DROP_URL" constant.
2022-01-07 13:47:55 -06:00
StaDo0815 77bf57308f
Update payload.txt (#397) 2022-01-04 11:44:53 -06:00
0iphor13 b64503fe23
Uploaded PingZhellBunny (#480)
* Uploaded ReverseBunny

Obfuscated reverse shell via powershell

* Uploaded WifiSnatch

Get your targets stored wifi information and credentials, store them on your Bashbunny and hop away 🐇

* Update ReverseBunny.txt

Changed payload to evade Windows Defender

* Update payload.txt

Added new "Eject Method" - props to Night(9o3)

* Update README.md

* Deleted ReverseBunny.txt

Deleted because of higher risk to get caught by AV

* Updated ReverseBunny to version 1.2

Updated ReverseBunny to version 1.2.
- Deleted payload on disk because of AV
- Added custom shell design

* Updated ReverseBunny to version 1.2

Updated README for ReverseBunny update

* Updated payload

fixed some stupid left overs <3

* Uploaded pingUinBunny

a reverse shell using icmp

* Delete payloads/library/remote_access/switch1 directory

* Uploaded pingUinBunny

A reverse shell using icmp

* Update README.md

* Update README.md

* Updated to PingZhell

* Update Bunny.pl

* Update README.md

* Update README.md

* Update payload.txt

* Rename payloads/library/remote_access/pingUinBunny/Bunny.pl to payloads/library/remote_access/PingZhellBunny/Bunny.pl

* Rename payloads/library/remote_access/pingUinBunny/PingZhell.ps1 to payloads/library/remote_access/PingZhellBunny/PingZhell.ps1

* Rename payloads/library/remote_access/pingUinBunny/README.md to payloads/library/remote_access/PingZhellBunny/README.md

* Rename payloads/library/remote_access/pingUinBunny/payload.txt to payloads/library/remote_access/PingZhellBunny/payload.txt

* Update payload.txt

* Update README.md

* Update README.md

* Update Bunny.pl
2021-12-23 15:42:21 -06:00
0iphor13 2e096c88f6
Update Bunny.pl 2021-12-23 13:30:20 +01:00
0iphor13 3e12c55d9f
Update README.md 2021-12-23 13:29:19 +01:00
0iphor13 953f36ab50
Update README.md 2021-12-23 13:28:59 +01:00
0iphor13 d4e77cb241
Update payload.txt 2021-12-23 13:27:30 +01:00
0iphor13 7308488961
Rename payloads/library/remote_access/pingUinBunny/payload.txt to payloads/library/remote_access/PingZhellBunny/payload.txt 2021-12-23 13:21:17 +01:00
0iphor13 b71cf71651
Rename payloads/library/remote_access/pingUinBunny/README.md to payloads/library/remote_access/PingZhellBunny/README.md 2021-12-23 13:20:57 +01:00
0iphor13 496ab3ea23
Rename payloads/library/remote_access/pingUinBunny/PingZhell.ps1 to payloads/library/remote_access/PingZhellBunny/PingZhell.ps1 2021-12-23 13:20:29 +01:00
0iphor13 9a8d6113a0
Rename payloads/library/remote_access/pingUinBunny/Bunny.pl to payloads/library/remote_access/PingZhellBunny/Bunny.pl 2021-12-23 13:19:46 +01:00
0iphor13 2ce8e8f034
Update payload.txt 2021-12-23 13:16:42 +01:00
0iphor13 979bdbc179
Update README.md 2021-12-23 13:12:32 +01:00
0iphor13 c19b9e56f6
Update README.md 2021-12-23 13:12:21 +01:00
0iphor13 712ebe762c
Update Bunny.pl 2021-12-23 13:10:55 +01:00
0iphor13 27b1cd003e
Updated to PingZhell 2021-12-23 13:09:32 +01:00
0iphor13 d9bdd824f1
Merge branch 'hak5:master' into master 2021-12-22 14:35:10 +01:00
Overtime b5fd8b50fc
Add Mac Pass (#428)
* Added MacPass

* Update readme.md

Co-authored-by: Overtime <39917164+0vertime-dev@users.noreply.github.com>
2021-12-21 17:34:55 -06:00
cribb-it 39fd0e838c
New Payload - Excel QR Rickroll (#436)
* Add files via upload

* Update readme.md

* Update readme.md

* Update payload.txt

* Update readme.md

* fix rebase errors

* Fix for rebase

* Fix for fewer details

* Extensions: Add wait_for BTLE extensions

* Quick and Dirty PrintNightmare Payload (#432)

* New Payload

Added new PrintNightmare Payload (Quick and dirty)

* Fixed my potty mouth

I'm a child sometimes

* Renamed Payload

* PrintNightmare: Use SWITCH_POSITION in payload path

* Fixing a typo

Co-authored-by: Marc <foxtrot@malloc.me>

* Bugfix (#433)

* New Payload

Added new PrintNightmare Payload (Quick and dirty)

* Fixed my potty mouth

I'm a child sometimes

* Renamed Payload

* PrintNightmare: Use SWITCH_POSITION in payload path

* Fixing a typo

* Added Delays

Added some delays due to the fact that it was inconsistently reliable, occasionally it'd half type out the command. The delays have resolved the consistency issue on my end. Feel free to tweak as required.

* Amending Version Number

I'm a fool

* Updated Readme with proper credit

Co-authored-by: Marc <foxtrot@malloc.me>

* General Imrovements to PrintNightmare (#434)

* Housekeeping

Moved some of the QUACK Powershell commands into the juicybit.txt file for speed and ease of use.

* Update README.md

* More improvement

Added exit to the juicybits rather than using alt  and /noprofile to the run as

* Update README.md

Co-authored-by: Marc <foxtrot@realloc.me>

* New Payload - Excel QR Rickroll

Co-authored-by: Marc <foxtrot@malloc.me>
Co-authored-by: panicacid <steve@pcquicktips.net>
Co-authored-by: Marc <foxtrot@realloc.me>
2021-12-21 17:33:03 -06:00
cribb-it e1700bdc91
New payload - Replace Cursor (#437)
* New payload - Replace Cursor

* Added Cursor - follow the white rabbit

* Update Readme
2021-12-21 17:31:08 -06:00
cribb-it 8a7606aa0a
New Payload - Read It Out (#444) 2021-12-21 17:28:38 -06:00
TW-D 5d4367787f
SanDisk Wireless Stick Exfiltration (#445)
Uses the "SanDisk Wireless Stick" for files exfiltration.
1) Avoids "PowerShell Script Block Logging".
2) Hide "PowerShell" window.
3) Deletes Wi-Fi connection profiles in automatic mode, each deletion causes a disconnection.
4) Adds the profile for the "SanDisk Connect Wireless Stick" in automatic mode.
5) Checks whether the Wi-Fi interface is connected to the "SanDisk" and whether the gateway can be reached, if not, automatically starts again.
6) Exfiltration of the files via the HTTP channel.
2021-12-21 17:24:09 -06:00
cribb-it 49f7018bf3
New Payload - SSH Server (#451)
* New Payload - SSH Server

* Update Delay
2021-12-21 17:20:37 -06:00
cribb-it 73bf1c0c48
New Payload - Spinning Around (#452)
* New Payload - Spinning Around

* Update readme.md
2021-12-21 17:17:12 -06:00
saintcrossbow bb601883ef
New Exfiltration Payload: Smart Data Thief (#453)
* Exfiltrate using Windows utility SmartFileExtract

Script to find all files that a) have filenames with the word "pass" or "secret" in them or b) are standard .DOC files and copy them to loot. SmartFileExtract is used to kill the copy after 500 MBs and / or 90 seconds and will display the copy status using a fake install window.

Dependencies:
Binary (SmartFileExtract.exe) from https://github.com/saintcrossbow/SmartFileExtract

* New Exfiltration: Smart Data Thief

Timed exfiltration attack targeting high value data and WiFi creds. Highly configurable to start / stop attack using BLE beacons, create distraction when aborting attack, and full shutdown for removal after attack complete.

* Revolver BLE controlled multi-attack

New payload: Revolver - a multi option attack controlled by BLE beacons. Plug in Bash Bunny and choose your attack based on what you need in the field.
2021-12-21 17:11:50 -06:00
scaery 9e54726597
Original from scaery/ducked (#456)
* Create procdump.txt

* Create duck_code.txt

* Create run.ps1

* Create payload.txt
2021-12-16 11:52:13 -06:00
Hacksawfred3232 0414f0cfc7
New Payload/Tool: FICBunny (#471)
* Added FICBunny

* Added disclaimer regarding modifying /dev/nandg

* Add changes from Austin Spraggins + Some cleanup.

* Update readme.md
2021-12-16 11:50:56 -06:00
JustaProgrammer9 72d424232a
Bluetooth2 (#477)
* Bluetooth2

Bluetooth2 is a program that can use multiple triggers instead of waiting for just one and run different things depending on that trigger. Anyone willing to update it would be appreciated as it probably looks... not great.

* Update payload.txt

* Update payload.txt

* Update README.md
2021-12-16 11:48:02 -06:00
0iphor13 567040f9e7
Update README.md 2021-12-11 20:02:51 +01:00
0iphor13 91a280d62d
Update README.md 2021-12-11 19:58:22 +01:00
0iphor13 60f9b361f3
Uploaded pingUinBunny
A reverse shell using icmp
2021-12-11 19:56:59 +01:00
0iphor13 f019d862cd
Delete payloads/library/remote_access/switch1 directory 2021-12-11 19:56:06 +01:00
0iphor13 12641377aa
Uploaded pingUinBunny
a reverse shell using icmp
2021-12-11 19:55:11 +01:00
0iphor13 82592d435d
Merge branch 'hak5:master' into master 2021-12-11 19:54:07 +01:00
0iphor13 54505507b9
Updated ReverseBunny to version 1.2 (#475)
* Uploaded ReverseBunny

Obfuscated reverse shell via powershell

* Uploaded WifiSnatch

Get your targets stored wifi information and credentials, store them on your Bashbunny and hop away 🐇

* Update ReverseBunny.txt

Changed payload to evade Windows Defender

* Update payload.txt

Added new "Eject Method" - props to Night(9o3)

* Update README.md

* Deleted ReverseBunny.txt

Deleted because of higher risk to get caught by AV

* Updated ReverseBunny to version 1.2

Updated ReverseBunny to version 1.2.
- Deleted payload on disk because of AV
- Added custom shell design

* Updated ReverseBunny to version 1.2

Updated README for ReverseBunny update

* Updated payload

fixed some stupid left overs <3
2021-12-06 20:08:42 +00:00
0iphor13 97ef0d9173
Updated payload
fixed some stupid left overs <3
2021-11-29 17:59:25 +01:00
0iphor13 863a47d90f
Updated ReverseBunny to version 1.2
Updated README for ReverseBunny update
2021-11-29 17:56:03 +01:00