Commit Graph

443 Commits (fa06629d0b71180c9573eb91419aa0d3c6ad686e)

Author SHA1 Message Date
Darren Kitchen b621491cc9
Fixed broken links 2021-09-08 15:34:45 -05:00
cribb-it 3fb08e01ae
New Payload - ANSI Sebs cow (#460)
* New Payload - ANSI Sebs cow

* Update Cow

* Making the cow symmetrical
2021-08-24 20:31:02 +01:00
9o3 605b7f1cab
New payload: HiveNightmare (#462)
Leverages CVE-2021–36934 to get SAM/SYSTEM/SECURITY hives.
2021-08-24 20:30:47 +01:00
emptyhen 9fdacee185
New Payload: Razer System Shell (#463)
Exploit Razer USA HID driver installation to System authority PowerShell. 
This is heavily based on Tweet by @_MG_ on 22nd Aug 2021 but modified to work with BashBunny
2021-08-24 20:30:24 +01:00
Darren Kitchen 9b86d8c991 cleaned up directory structure to match payloads.hak5.org 2021-08-24 10:04:24 -05:00
Darren Kitchen 1b042f6f2d Moved sFTP Directory Grabber payload to recon directory 2021-08-24 09:38:52 -05:00
9o3 1efd6a1116
ATNT update: working version (#461)
* Delete stage3.ps1

* Update ATNT to work as intended.

Update ATNT to work as intended. Requires reboot or logoff to fully register AT.

* Remove DONE file in cleanup.

Forgot to remove DONE file.  Now also makes sure this file does not exist before running.
2021-08-18 10:37:59 -05:00
TW-D 4f6cd4b54d
Execution - Get System (#446)
Disable "PowerShell" logging
Check if current process have "Administrator" privilege
Check "SeDebugPrivilege" policy
Retrieves the processes belonging to the "SYSTEM" account
For each system PID, test to obtain the "SYSTEM" account via the parent process
2021-08-16 07:43:01 -05:00
cribb-it 49dff6e659
Fixing my bad spelling (#457) 2021-08-12 15:32:45 +01:00
9o3 9c55288403
New payload ATNT; Ease of Access Assistive Technology (#454)
Uses Windows Ease of Access Assistive Technology (https://docs.microsoft.com/en-us/windows/win32/winauto/ease-of-access---assistive-technology-registration) 
to persistently run code with NT AUTHORITY\SYSTEM rights.
2021-08-11 09:47:17 -05:00
Darren Kitchen 66bc18cbe2
Added bluetooth geofence profiler payload 2021-08-07 11:39:24 -05:00
Mark Brown a61b1e603e
update discord link (#441) 2021-07-12 20:42:38 +01:00
cribb-it 785e5d2a75
Various small fixes (#435)
* Add files via upload

* Update readme.md

* Update readme.md

* Update payload.txt

* Update readme.md

* fix rebase errors

* Fix for rebase

* Fix for fewer details
2021-07-06 20:02:27 +01:00
panicacid babdc72743
General Imrovements to PrintNightmare (#434)
* Housekeeping

Moved some of the QUACK Powershell commands into the juicybit.txt file for speed and ease of use.

* Update README.md

* More improvement

Added exit to the juicybits rather than using alt  and /noprofile to the run as

* Update README.md

Co-authored-by: Marc <foxtrot@realloc.me>
2021-07-05 16:36:42 +01:00
panicacid efb5f63ad8
Bugfix (#433)
* New Payload

Added new PrintNightmare Payload (Quick and dirty)

* Fixed my potty mouth

I'm a child sometimes

* Renamed Payload

* PrintNightmare: Use SWITCH_POSITION in payload path

* Fixing a typo

* Added Delays

Added some delays due to the fact that it was inconsistently reliable, occasionally it'd half type out the command. The delays have resolved the consistency issue on my end. Feel free to tweak as required.

* Amending Version Number

I'm a fool

* Updated Readme with proper credit

Co-authored-by: Marc <foxtrot@malloc.me>
2021-07-05 02:33:36 +01:00
panicacid 73ca91c3ba
Quick and Dirty PrintNightmare Payload (#432)
* New Payload

Added new PrintNightmare Payload (Quick and dirty)

* Fixed my potty mouth

I'm a child sometimes

* Renamed Payload

* PrintNightmare: Use SWITCH_POSITION in payload path

* Fixing a typo

Co-authored-by: Marc <foxtrot@malloc.me>
2021-07-05 01:27:46 +01:00
Marc 829a4db6b2
Extensions: Add wait_for BTLE extensions 2021-07-01 16:29:44 +01:00
cribb-it 8cd8d859cd
New Payload: Win_PoSH_WordReport, Fix typos in Win_PoSH_FakeLoginScreen (#431)
* Add files via upload

* Update readme.md

* Update payload.txt

* Update readme.md

* Update readme.md

* Update readme.md

* Update readme.md

* Update readme.md

* Add files via upload

* Update readme.md

* Update readme.md

* Add Payload WIN_PoSH_HKU_RegBackUp

* Update readme.md

* Update payload.txt

* Change for admin shell

* Update readme.md

* Update payload.txt

* Update payload.txt

* Update readme.md

* Added payload WIN_PoSH_SaveSecurityHive

Added new payload to exfiltration that saves the HKLM security hive to the bunny

* Morse Code File Exfiltration

A bit pointless with limitation of morse code but I thought it was fun to create.

* Update readme.md

* Update for non-alphanumeric

* Update for timing

* Update readme.md

* Update readme.md

* Update readme.md

* Update readme.md

* Update payload.txt

* New payload - Fake Login

Shows a fake version of the windows 10 login screen

* Update readme.md

* Changes to Fake Login Payload

* Changes to Fake Login

* Win_PoSH_FakeLogin: Changes to payload and readme

* New recon payload: Win_PoSH_WordReport

* Update fixed typo: Win_PoSH_WordReport
2021-04-30 17:02:21 +01:00
Marc 7a0d036b74
Win_PoSH_FakeLogin: Fix typo in LED command. 2021-04-24 01:31:18 +01:00
cribb-it 6375315a33
Update PoSH_Morsecode, Add Windows 10 Login Screen (#430)
* Add files via upload

* Update readme.md

* Update payload.txt

* Update readme.md

* Update readme.md

* Update readme.md

* Update readme.md

* Update readme.md

* Add files via upload

* Update readme.md

* Update readme.md

* Add Payload WIN_PoSH_HKU_RegBackUp

* Update readme.md

* Update payload.txt

* Change for admin shell

* Update readme.md

* Update payload.txt

* Update payload.txt

* Update readme.md

* Added payload WIN_PoSH_SaveSecurityHive

Added new payload to exfiltration that saves the HKLM security hive to the bunny

* Morse Code File Exfiltration

A bit pointless with limitation of morse code but I thought it was fun to create.

* Update readme.md

* Update for non-alphanumeric

* Update for timing

* Update readme.md

* Update readme.md

* Update readme.md

* Update readme.md

* Update payload.txt

* New payload - Fake Login

Shows a fake version of the windows 10 login screen

* Update readme.md

* Changes to Fake Login Payload

* Changes to Fake Login
2021-04-22 16:44:33 +01:00
cribb-it 27d63ad5a5
Morse Code File Exfiltration (#429)
* Add files via upload

* Update readme.md

* Update payload.txt

* Update readme.md

* Update readme.md

* Update readme.md

* Update readme.md

* Update readme.md

* Add files via upload

* Update readme.md

* Update readme.md

* Add Payload WIN_PoSH_HKU_RegBackUp

* Update readme.md

* Update payload.txt

* Change for admin shell

* Update readme.md

* Update payload.txt

* Update payload.txt

* Update readme.md

* Added payload WIN_PoSH_SaveSecurityHive

Added new payload to exfiltration that saves the HKLM security hive to the bunny

* Morse Code File Exfiltration

A bit pointless with limitation of morse code but I thought it was fun to create.

* Update readme.md

* Update for non-alphanumeric

* Update for timing

* Update readme.md
2021-04-04 09:33:48 -07:00
Ian Costa e9916c88aa
Windows Powershell Local DNS Poisoning payload (#427)
* Created Powershell_Local_DNS_Poisoning payload

* Fixed README.md formatting
2021-01-11 08:43:00 -08:00
Darren Kitchen 5b234069f0
Added Single Character Quacker payload 2020-12-17 18:21:24 -08:00
cribb-it 3904f165d9
Added new payload WIN_PoSH_HKU_RegBackUp (#424)
* Add files via upload

* Update readme.md

* Update payload.txt

* Update readme.md

* Update readme.md

* Update readme.md

* Update readme.md

* Update readme.md

* Add files via upload

* Update readme.md

* Update readme.md

* Add Payload WIN_PoSH_HKU_RegBackUp

* Update readme.md

* Update payload.txt

* Change for admin shell

* Update readme.md

* Update payload.txt

* Update payload.txt

* Update readme.md

* Added payload WIN_PoSH_SaveSecurityHive

Added new payload to exfiltration that saves the HKLM security hive to the bunny
2020-12-14 23:53:42 +00:00
Marc b8a329232a
Merge pull request #426 from Alexdebeast78/patch-1
Jackalope: Update README to show Metasploit dependency.
2020-12-14 23:49:26 +00:00
Marc 3840f5330b
Jackalope: Small cleanup 2020-12-14 23:48:44 +00:00
Alex fc0fa47dcb
Jackalope: Update README to show Metasploit dependency.
Provided information on the dependency of Metasploit for the payload to work. 
Provided information on the installation of the tool accordingly.
2020-12-14 16:47:55 +01:00
Alex 6e0955fb2b
Update read.md
Change configuration description
2020-12-12 23:59:29 +01:00
cribb-it 5ccaa5562e
Add new prank payload (#419)
* Add files via upload

* Update readme.md

* Update payload.txt

* Update readme.md

* Update readme.md

* Update readme.md

* Update readme.md

* Update readme.md

* Add files via upload

* Update readme.md

* Update readme.md
2020-07-13 14:54:57 -07:00
cribb-it 5548c0b1cd
Add hide-startbar payload (#418)
* Add files via upload

* Update readme.md

* Update payload.txt

* Update readme.md

* Update readme.md

* Update readme.md

* Update readme.md

* Update readme.md
2020-06-29 09:53:18 -07:00
Darren Kitchen 3e3979221f
Update wait.sh 2020-06-09 10:16:15 -07:00
theofandato 27332a9f14
Use more standard LED commands (#415) 2020-05-07 11:33:30 -07:00
DavidHaintz 5d608972bc
Adding new payload Bash Bunny Manager (#411)
* Added bash bunny manager to repository

* Moved bash bunny manager into general folder
2020-03-14 20:13:00 -07:00
kuyaya 68621324d2
Add files via upload (#414) 2020-03-14 20:12:16 -07:00
Emil Albrecht da6251df9f Add NiceShutdown (#408)
* Added files

The payload.txt and the README.md have been added to the project!

* Updated Readme

The Readme file has been updatet.

* Added development status

The development status entry has been added to the list.

* Added header.

A header containing important information has been added.

* Made a joke

A joke has been made out of the Tested: No

* Completed InfoBox and added Configuring

The InfoBox is now a real box, and the Configuring section that is currently empty has been added.

* Added DUCKY_LANG notice.

In the configuration header, the sentence "You are required to change the DUCKY_LANG." has been added.

* Various changes.

Following changes have been made:
Removed the "Tested joke"
Setting the LED
Setting the Attackmode
Added configurationstuff
Added Setting up
Added the actual shutting down

* Changed development status.

The development status has been changed to "Actually quite done".

* Changed development status

* Added quality notice.

The standard notice for Emilius123 payloads "Emilius123 payloads. Quality made in Notepad since 2019." has been added.

* Changed category

The category has been changed from "Prank" to "Prank and Troll".

* Changed version

In the files README.md and payload.txt, the Version label has changed to
version 1.0

* Changed development status.

The development status has been changed from "Actually quite done" to
"1.0 done"

* Changed Status at FINISH LED

* Quality notice is now cursive

The quality notice is now in a cursive font.

* Added notice

The notice "Please give feedback in the Forum topic." has been added and surrounded nicely.

* Update README.md

* Forum topic is now cursive

* Added pull request

The sentence "Please give Feedback in the Forum topic." has been changed to "Please give Feedback in the Forum Topic and check out the Pull request.

* Update README.md

* Update README.md

* Added additional information.

To the README and the payload, the Description, Attackmode and used
Extensions have been added.

* Removed lines

* Removed empty lines
2019-11-05 19:47:47 -08:00
Mike Galvin f1bf173d22 Enable RDP, disable NLA, log network information. (#401) 2019-10-19 12:36:45 -07:00
Marc d67b95a220
Merge pull request #383 from SymbianSyMoh/master
Yet another but FASTER SMB Bruteforce payload for Bash Bunny
2019-07-12 01:11:16 +00:00
Mohamed A. Baset d36f90f26c
Update payload.txt 2019-07-11 19:33:28 -05:00
Mohamed A. Baset e889c414d5
Update payload.txt
Adding the payload header!
2019-07-11 17:58:20 -05:00
Mohamed A. Baset d387f4e185
Update payload.txt
Require tool "impacket"
2019-07-11 17:09:39 -05:00
Marc 08a71de1d8
Merge pull request #389 from hak5/jackalope-patch
Update Jackalope to remove references to RVM.
2019-07-10 21:26:02 +00:00
Marc 81dd9531bf
Jackalope: Fix typo in REQUIRETOOL function call. 2019-07-09 21:38:02 +01:00
Marc 9a6d515add
Jackalope: Un-comment REQUIRE_TOOL.
Starting with 1.6, a Metasploit tools package will be available.
2019-07-04 00:10:24 +01:00
Marc 947b08fc0f
Update Jackalope to remove references to RVM.
Starting with Firmware 1.6 and the Metasploit tools package, RVM will no longer be needed.
2019-07-04 00:08:01 +01:00
Foxtrot db87d0dc02 Set executable bit on extensions 2019-06-28 22:35:27 +01:00
Marc e2f848c6b0
Merge pull request #377 from TheDragonkeeper/ex-payloads
Create runpayload.sh
2019-06-28 21:13:42 +00:00
TheDragonkeeper 81317d83b1
Update runpayload.sh 2019-06-28 22:08:44 +01:00
TheDragonkeeper 066b7846da
Rename payload.sh to runpayload.sh 2019-06-28 22:03:48 +01:00
Marc 938fe29c94
Merge pull request #379 from TheDragonkeeper/chromeos
Chromeos Enrollment
2019-06-28 20:50:17 +00:00
Marc e82fb6166b
Merge pull request #347 from mathew-fleisch/master
Two Stage Mac Payload
2019-06-28 20:20:33 +00:00