Commit Graph

466 Commits (a67650031fdb3b864db8517c5cfb1cdde4b2540c)

Author SHA1 Message Date
0iphor13 a67650031f
Merge branch 'hak5:master' into master 2022-10-19 18:32:42 +02:00
0iphor13 427150a0dc
Update Bunny.pl 2022-10-19 18:32:24 +02:00
0iphor13 0c39fffbf2
Update payload.txt 2022-10-19 18:30:42 +02:00
0iphor13 9494ab8d2e
Update README.md 2022-10-19 18:29:26 +02:00
0iphor13 a991cd7af4
Update payload.txt 2022-10-19 18:26:40 +02:00
0iphor13 cad1abe00b
Update and rename PingZhell.ps1 to PingZhellBunny.ps1 2022-10-19 18:25:53 +02:00
0iphor13 caafcfb103
Update Bunny.pl 2022-10-19 18:24:26 +02:00
hak5glytch 962477433c
Merge pull request #558 from I-Am-Jakoby/master
New Payload - ADV Rick Roll
2022-10-14 13:06:33 -06:00
I-Am-Jakoby b110693304
New Payload - YouTube Tripwire 2022-10-13 22:15:32 -05:00
I-Am-Jakoby 3ee453979d
Add files via upload 2022-10-13 01:20:15 -05:00
hak5glytch ab146c05d2
Merge pull request #557 from I-Am-Jakoby/master
New Payload - Shortcut Jacker
2022-10-11 17:03:52 -06:00
I-Am-Jakoby 92e76d35fc
Add files via upload 2022-10-10 23:37:26 -05:00
atomic 85ecdd5889
Add files via upload 2022-10-10 23:10:33 -04:00
atomic 1977d49f8e
Add files via upload 2022-10-10 23:05:56 -04:00
hak5glytch 8f19915a5f
Merge pull request #546 from atomiczsec/master
New Payload - Copy-And-Waste
2022-10-09 11:57:16 -06:00
hak5glytch 322cf4f7c1
Merge pull request #548 from atomiczsec/master
New Payload - Water-UnMark
2022-10-09 11:05:57 -06:00
hak5glytch 5a67438f87
Merge pull request #549 from drapl0n/master
BunnyLogger2.0: Tweaks and Updates
2022-10-08 18:40:32 -06:00
hak5glytch 7892015c02
Merge pull request #550 from Jeklah/patch-1
Update BBB.ps1
2022-10-08 18:39:25 -06:00
hak5glytch 1b76be74ee
Merge pull request #551 from Jeklah/patch-2
Update payload.txt
2022-10-08 18:39:01 -06:00
atomic a08e9b382d
New Payload - Screen-Shock (#552)
* Add files via upload

* Update c.ps1

* Add files via upload
2022-10-08 18:32:28 -06:00
TW-D fa5dae9b11
Linux Random Reverse Shell (#553)
1) Checks the availability of binaries on the system.
2) Builds a list of possible payloads.
3) Performs one at random.
2022-10-08 18:25:34 -06:00
Jeklah 5a15fac2f0
Update payload.txt
Minor typo in comments.
2022-09-07 00:14:14 +01:00
Jeklah 3e608cdd3d
Update BBB.ps1
Typo in comments, Chrome should be Edge.
2022-09-06 23:32:19 +01:00
drapl0n 6d4455d239
Update payload.txt 2022-09-05 21:44:49 +05:30
drapl0n c9dafb479f
moving payload.sh 2022-09-05 21:43:42 +05:30
drapl0n b813f1b196
moving bunnyLoggerMgr 2022-09-05 21:43:01 +05:30
drapl0n b5bd4487b1
Update uninstall.sh 2022-09-05 21:41:46 +05:30
drapl0n d328ab9db3
Update install.sh 2022-09-05 21:41:13 +05:30
drapl0n 5738de5e9e
uploading BunnyLogger 2.0 (#545)
* Uploaded BunnyLogger

* uploading payload intel

* Create README.md

* Update README.md

* uploaded LinuxPreter

* uploaded FileRipper

Faster executing version

* Update README.md

* fixing typo

* uploaded sudoSnatch

* Update README.md

* deleting sudoSnatch

* uploading payload

* Delete payload.sh

* Delete shell

* Delete systemBus

* Delete camPeek directory

* Update payload.sh

* Update payload.sh

* Delete payloads/library/execution/FileRipper directory

* Update payload.sh

* Update payload.sh

* Update payload.sh

* Update payload.sh

* uploading BLE_EXFIL extension

BLE_EXFIL extension, exfiltrates data via BLE

* BLE_EXFIL demo

* uploading mine4me

mine4me payload makes your target system mine Monero for you. Spread payload in multiple systems to acquire more Monero.

* category update

* Uploading BunnyLogger 2.0
2022-09-01 14:19:05 -05:00
atomic 7169158bb8
Add files via upload 2022-08-30 18:50:10 -04:00
atomic f864ad8323
Merge branch 'hak5:master' into master 2022-08-30 18:39:55 -04:00
atomic 8e322706bc
New payload - Bookmark-Hog (#543) 2022-08-30 09:56:42 -05:00
TW-D b10a644277
Add Fake SSH (#544)
1) Copies the "ssh" command spoofing program to the user's home directory.
2) Defines a new persistent "ssh" alias with the file "~/.bash_aliases".
3) When the user executes the command "ssh" in a terminal, the spoofing program :
- __By default__ retrieves the username@address and password and writes them to "/tmp/.ssh_password".
- __But__ this behavior can be changed in line 20 of the "ssh-phishing.sh" file.
2022-08-30 09:37:50 -05:00
Carey Balboa 2aa4910d0c
add my own exfil payload (#540)
* add my own exfil payload

Exfiltrates files from logged in users Documents and Desktop folders

* updated

* Update readme.md
2022-08-30 09:28:28 -05:00
atomic a59fbe93c7
Add files via upload 2022-08-23 21:44:25 -04:00
0iphor13 0bc2dad2f6
added Disclaimer (#539)
* Uploaded ReverseBunny

Obfuscated reverse shell via powershell

* Uploaded WifiSnatch

Get your targets stored wifi information and credentials, store them on your Bashbunny and hop away 🐇

* Update ReverseBunny.txt

Changed payload to evade Windows Defender

* Update payload.txt

Added new "Eject Method" - props to Night(9o3)

* Update README.md

* Deleted ReverseBunny.txt

Deleted because of higher risk to get caught by AV

* Updated ReverseBunny to version 1.2

Updated ReverseBunny to version 1.2.
- Deleted payload on disk because of AV
- Added custom shell design

* Updated ReverseBunny to version 1.2

Updated README for ReverseBunny update

* Updated payload

fixed some stupid left overs <3

* Uploaded pingUinBunny

a reverse shell using icmp

* Delete payloads/library/remote_access/switch1 directory

* Uploaded pingUinBunny

A reverse shell using icmp

* Update README.md

* Update README.md

* Updated to PingZhell

* Update Bunny.pl

* Update README.md

* Update README.md

* Update payload.txt

* Rename payloads/library/remote_access/pingUinBunny/Bunny.pl to payloads/library/remote_access/PingZhellBunny/Bunny.pl

* Rename payloads/library/remote_access/pingUinBunny/PingZhell.ps1 to payloads/library/remote_access/PingZhellBunny/PingZhell.ps1

* Rename payloads/library/remote_access/pingUinBunny/README.md to payloads/library/remote_access/PingZhellBunny/README.md

* Rename payloads/library/remote_access/pingUinBunny/payload.txt to payloads/library/remote_access/PingZhellBunny/payload.txt

* Update payload.txt

* Update README.md

* Update README.md

* Update Bunny.pl

* Created ProcDumpBunny

Dump lsass.exe with a renamed version of procdump and get the users hashes with Mimikatz

* Update README.md

* Update payload.txt

* Updated ReverseBunny

Fixed wrong DELAY commands

* Updated PingZhellBunny

Fixed wrong DELAY commands

* Updated WifiSnatch

Fixed multiple mistakes

* Uploaded HashDumpBunny

Use your BashBunny to dump the user hashes of your target - similar to the msf post-module.
The script was obfuscated with multiple layers, so don't be confused.
If you don't trust this script, run it within a save testing space - which should be best practice anyways ;)

* added example picture

* Update README.md

* Uploaded SessionBunny

Utilize SessionGopher (Slightly modified) to find PuTTY, WinSCP, and Remote Desktop saved sessions. It decrypts saved passwords for WinSCP.
Extracts FileZilla, SuperPuTTY's saved session information in the sitemanager.xml file and decodes saved passwords.

Afterwards decide which is important and what you want to save onto your BashBunny.

* Uploaded SessionBunny

Utilize the famous, here slightly modified SessionGopher script, to find PuTTY, WinSCP, and Remote Desktop saved sessions. It decrypts saved passwords for WinSCP.
Extracts FileZilla, SuperPuTTY's saved session information in the sitemanager.xml file and decodes saved passwords.

Decide which inforamtion you wanna take with you - save it onto your BashBunny!

* Update README.md

* Delete SessionBunny directory

* Uploaded MiniDumpBunny

Dump lsass with this rewritten and for BashBunny adapted version of Powersploits Out-MiniDump.

* Update README.md

added disclaimer

* Update README.md

* Update README.md

* Update README.md

* Uploaded ReverseBunnySSL

* Update README.md

* Update README.md

* Update payload.txt

* Update README.md

* Uploaded SamDumpBunny

Dumps users sam & system hive, which can be used later to extract the users hashes

* added Disclaimer

Added disclaimer about samdump2
2022-07-14 14:28:08 -05:00
PeteDavis91 ca22cb3c37
OooohThatsHandy - Juicy Data Grabber (#538)
* Add files via upload

* Rename Read-Me.txt to Read-Me

* Rename payload.txt.txt to payload

* Add files via upload

Added some features and fixed a few bugs I found

* Delete payload

* Rename payload.txt.txt to payload
2022-07-14 14:25:28 -05:00
Ferrari cae94215c7
Update x.cmd (#536)
If google chrome is installed, download the history.
2022-07-14 14:22:18 -05:00
cribb-it 8185b97046
New Payload - Be a pest (#535)
* New Payload - Be a pest

* Update - Spelling
2022-06-22 14:34:14 -05:00
drapl0n c391cd7c76
Uploading mine4me (#533)
* Uploaded BunnyLogger

* uploading payload intel

* Create README.md

* Update README.md

* uploaded LinuxPreter

* uploaded FileRipper

Faster executing version

* Update README.md

* fixing typo

* uploaded sudoSnatch

* Update README.md

* deleting sudoSnatch

* uploading payload

* Delete payload.sh

* Delete shell

* Delete systemBus

* Delete camPeek directory

* Update payload.sh

* Update payload.sh

* Delete payloads/library/execution/FileRipper directory

* Update payload.sh

* Update payload.sh

* Update payload.sh

* Update payload.sh

* uploading BLE_EXFIL extension

BLE_EXFIL extension, exfiltrates data via BLE

* BLE_EXFIL demo

* uploading mine4me

mine4me payload makes your target system mine Monero for you. Spread payload in multiple systems to acquire more Monero.

* category update
2022-06-22 14:32:27 -05:00
TW-D 7d8994f7ac
Add "Microsoft Windows" Browser in the Browser (#534)
1) Hide "PowerShell" window.
2) Change "monitor-timeout (AC and DC)" at NEVER with "powercfg" utility.
3) Change "standby-timeout (AC and DC)" at NEVER with "powercfg" utility.
4) Copies and hides the phishing folder in the current user's directory.
5) Full screen opening of the phishing HTML page using "Microsoft Edge" in kiosk mode.
6) The username/password will be sent by HTTP POST to the URL specified in the "DROP_URL" constant.
2022-06-16 08:50:00 -05:00
0iphor13 a8db5fd948
Uploaded SamDumpBunny (#532)
* Uploaded ReverseBunny

Obfuscated reverse shell via powershell

* Uploaded WifiSnatch

Get your targets stored wifi information and credentials, store them on your Bashbunny and hop away 🐇

* Update ReverseBunny.txt

Changed payload to evade Windows Defender

* Update payload.txt

Added new "Eject Method" - props to Night(9o3)

* Update README.md

* Deleted ReverseBunny.txt

Deleted because of higher risk to get caught by AV

* Updated ReverseBunny to version 1.2

Updated ReverseBunny to version 1.2.
- Deleted payload on disk because of AV
- Added custom shell design

* Updated ReverseBunny to version 1.2

Updated README for ReverseBunny update

* Updated payload

fixed some stupid left overs <3

* Uploaded pingUinBunny

a reverse shell using icmp

* Delete payloads/library/remote_access/switch1 directory

* Uploaded pingUinBunny

A reverse shell using icmp

* Update README.md

* Update README.md

* Updated to PingZhell

* Update Bunny.pl

* Update README.md

* Update README.md

* Update payload.txt

* Rename payloads/library/remote_access/pingUinBunny/Bunny.pl to payloads/library/remote_access/PingZhellBunny/Bunny.pl

* Rename payloads/library/remote_access/pingUinBunny/PingZhell.ps1 to payloads/library/remote_access/PingZhellBunny/PingZhell.ps1

* Rename payloads/library/remote_access/pingUinBunny/README.md to payloads/library/remote_access/PingZhellBunny/README.md

* Rename payloads/library/remote_access/pingUinBunny/payload.txt to payloads/library/remote_access/PingZhellBunny/payload.txt

* Update payload.txt

* Update README.md

* Update README.md

* Update Bunny.pl

* Created ProcDumpBunny

Dump lsass.exe with a renamed version of procdump and get the users hashes with Mimikatz

* Update README.md

* Update payload.txt

* Updated ReverseBunny

Fixed wrong DELAY commands

* Updated PingZhellBunny

Fixed wrong DELAY commands

* Updated WifiSnatch

Fixed multiple mistakes

* Uploaded HashDumpBunny

Use your BashBunny to dump the user hashes of your target - similar to the msf post-module.
The script was obfuscated with multiple layers, so don't be confused.
If you don't trust this script, run it within a save testing space - which should be best practice anyways ;)

* added example picture

* Update README.md

* Uploaded SessionBunny

Utilize SessionGopher (Slightly modified) to find PuTTY, WinSCP, and Remote Desktop saved sessions. It decrypts saved passwords for WinSCP.
Extracts FileZilla, SuperPuTTY's saved session information in the sitemanager.xml file and decodes saved passwords.

Afterwards decide which is important and what you want to save onto your BashBunny.

* Uploaded SessionBunny

Utilize the famous, here slightly modified SessionGopher script, to find PuTTY, WinSCP, and Remote Desktop saved sessions. It decrypts saved passwords for WinSCP.
Extracts FileZilla, SuperPuTTY's saved session information in the sitemanager.xml file and decodes saved passwords.

Decide which inforamtion you wanna take with you - save it onto your BashBunny!

* Update README.md

* Delete SessionBunny directory

* Uploaded MiniDumpBunny

Dump lsass with this rewritten and for BashBunny adapted version of Powersploits Out-MiniDump.

* Update README.md

added disclaimer

* Update README.md

* Update README.md

* Update README.md

* Uploaded ReverseBunnySSL

* Update README.md

* Update README.md

* Update payload.txt

* Update README.md

* Uploaded SamDumpBunny

Dumps users sam & system hive, which can be used later to extract the users hashes
2022-06-09 12:48:23 -05:00
cribb-it 63fe005ddc
New Payload - My Pictures 2 Ascii Art (#531)
* New Payload - MyPicture2AsciiArt

* New Payload - MyPicture2AsciiArt

* Fix Title
2022-06-09 12:38:05 -05:00
LulzAnarchyAnon 56a74583a4
Create payload.txt (#526) 2022-06-01 12:23:58 -05:00
panicacid 980debd8c0
Created FollinaBunny a PoC payload that leverages CVE-2022-30190 (#530)
* New Payload

Added new PrintNightmare Payload (Quick and dirty)

* Fixed my potty mouth

I'm a child sometimes

* Renamed Payload

* PrintNightmare: Use SWITCH_POSITION in payload path

* Fixing a typo

* Added Delays

Added some delays due to the fact that it was inconsistently reliable, occasionally it'd half type out the command. The delays have resolved the consistency issue on my end. Feel free to tweak as required.

* Amending Version Number

I'm a fool

* Updated Readme with proper credit

* Housekeeping

Moved some of the QUACK Powershell commands into the juicybit.txt file for speed and ease of use.

* Update README.md

* More improvement

Added exit to the juicybits rather than using alt  and /noprofile to the run as

* Update README.md

* Pineapple-Connect-Windows New Payload For Connecting Client To Pineapple AP / Any AP

Pineapple-Connect-Windows new Bashbunny payload for connecting target machine quickly and efficiently to your Pineapple AP or an AP of your choosing (and control!)

* Changed from RUN WIN to QUACK STRING

Changed from RUN WIN to QUACK STRING as I was having issues with the formatting, presume it needs wrapping in quotes or something but it just kept breaking. QUACK STRING works fine so meh

* Added command to cover traks at the end of the script

added a line of powershell to clean out the run registry key to hide any evidence of the script running

* Added FollinaBunny

Added a new payload which leverages CVE-2022-30190 to execute code based on a malicious website hosted on the bunny itself.

Co-authored-by: Marc <foxtrot@malloc.me>
Co-authored-by: Marc <foxtrot@realloc.me>
2022-06-01 12:05:20 -05:00
TW-D 80573a03ab
fake-sudo - Improvements and corrections (#528)
* Update README.md

* Update sudo-phishing.sh

* Update sudo-phishing.sh

* Delete payloads/library/phishing/fake-sudo directory

* Add files via upload
2022-05-29 16:21:12 -05:00
I-Am-Jakoby 49c8edf636
Add files via upload (#523) 2022-05-19 13:33:06 -05:00
I-Am-Jakoby 145ffc36f6
New Payload - SafeHaven (#525)
* Add files via upload

* Update README.md
2022-05-19 13:26:50 -05:00
I-Am-Jakoby 791cc4e1aa
Add files via upload (#524) 2022-05-17 16:35:51 -05:00
TW-D dfe52e6a5c
Add "Fake sudo" (#522)
* Add "Fake sudo"

1) Copies the "sudo" command spoofing program to the user's home directory.
2) Defines a new persistent "sudo" alias with the file "~/.bash_aliases".
3) When the user "sudoer" executes the command "sudo" in a terminal, the spoofing program :
- __By default__ retrieves the username and password and writes them to "/tmp/.sudo_password".
- __But__ this behavior can be changed in line 21 of the "sudo-phishing.sh" file.
4) After sending, the spoofing program deletes the "sudo" alias. Then it deletes itself.

* Update README.md

* Update sudo-phishing.sh
2022-05-12 10:26:34 -05:00