bashbunny-payloads/payloads/library/execution/FollinaBunny
panicacid 980debd8c0
Created FollinaBunny a PoC payload that leverages CVE-2022-30190 (#530)
* New Payload

Added new PrintNightmare Payload (Quick and dirty)

* Fixed my potty mouth

I'm a child sometimes

* Renamed Payload

* PrintNightmare: Use SWITCH_POSITION in payload path

* Fixing a typo

* Added Delays

Added some delays due to the fact that it was inconsistently reliable, occasionally it'd half type out the command. The delays have resolved the consistency issue on my end. Feel free to tweak as required.

* Amending Version Number

I'm a fool

* Updated Readme with proper credit

* Housekeeping

Moved some of the QUACK Powershell commands into the juicybit.txt file for speed and ease of use.

* Update README.md

* More improvement

Added exit to the juicybits rather than using alt, and /noprofile to the run as

* Update README.md

* Pineapple-Connect-Windows New Payload For Connecting Client To Pineapple AP / Any AP

Pineapple-Connect-Windows new Bashbunny payload for connecting target machine quickly and efficiently to your Pineapple AP or an AP of your choosing (and control!)

* Changed from RUN WIN to QUACK STRING

Changed from RUN WIN to QUACK STRING as I was having issues with the formatting, presume it needs wrapping in quotes or something but it just kept breaking. QUACK STRING works fine so meh

* Added command to cover tracks at the end of the script

Added a line of PowerShell to clean out the Run registry key to hide any evidence of the script running

* Added FollinaBunny

Added a new payload which leverages CVE-2022-30190 to execute code based on a malicious website hosted on the bunny itself.

Co-authored-by: Marc <foxtrot@malloc.me>
Co-authored-by: Marc <foxtrot@realloc.me>
2022-06-01 12:05:20 -05:00
Files in this directory (all last changed by commit "Created FollinaBunny a PoC payload that leverages CVE-2022-30190 (#530)", 2022-06-01 12:05:20 -05:00):

  • README.md
  • payload.html
  • payload.txt

README.md

FollinaBunny

  • Author: PanicAcid
  • Version: 1.0
  • Target: Windows (Powershell 5.1+)
  • Category: Execution
  • Attackmode: HID & RNDIS_ETHERNET
  • Extensions: Run
  • Props: Cribbit and 0xBacco

Change Log

| Version | Changes         |
|---------|-----------------|
| 1.0     | Initial release |

Description

Executes code leveraging CVE-2022-30190, aka Follina, using a malicious HTML file hosted on the Bunny itself. Whilst this exploit is usually triggered via a malicious Word document, a simple wget via PowerShell will also execute the malicious code. Tweak it and, well, you get the picture.

This WILL flag on Defender if you're up to date. However, the point of the PoC here isn't that you can just run this code; it's that you can self-serve this malicious HTML file from the BashBunny and tweak it to your heart's content.

Based on Cribbit's Moo payload: https://github.com/hak5/bashbunny-payloads/blob/master/payloads/library/prank/Win_PoSH_AnsiSebsCow

Example payload taken from https://greynolds.me.uk/ (https://greynolds.me.uk/poc.html).

Colours

| Status   | Colour                        | Description                 |
|----------|-------------------------------|-----------------------------|
| SETUP    | Magenta solid                 | Setting attack mode         |
| ATTACK   | Yellow single blink           | Injecting PowerShell script |
| FINISHED | Green blink followed by SOLID | Injection finished          |