hak5
/
bashbunny-payloads
mirror of https://github.com/hak5/bashbunny-payloads.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
bashbunny-payloads/payloads/library/execution/psh_DownloadExec
History
root 989be5976a update powershell run line and fix complete check 2018-05-10 13:07:22 -05:00
..
p.txt Update and fix payloads (#277) 2017-10-25 11:10:17 +11:00
payload.txt update powershell run line and fix complete check 2018-05-10 13:07:22 -05:00
readme.md Update and fix payloads (#277) 2017-10-25 11:10:17 +11:00

readme.md

psh_DownloadExec

Powershell Download and Execute

  • Author: LowValueTarget
  • Version: Version 1.3
  • Target: Windows XP SP3+ (Powershell)
  • Category: Powershell
  • Attackmodes: HID, RNDIS_Ethernet
  • Firmware: >= 1.3

Description

Quick HID attack to retrieve and run powershell payload from BashBunny web server.

Configuration

Ensure p.txt exists in payload directory. This is the powershell script that will be downloaded and executed.

Requirements

gohttp

gohttp is a standalone simple webserver that is quicker and more stable than python's SimpleHTTPServer.

Installation

See Hak5's Tool Thread Here: https://forums.hak5.org/index.php?/topic/40971-info-tools/

STATUS

| Attack Stage        | Description                              |
| ------------------- | ---------------------------------------- |
| Stage 1             | Running Initial Powershell Commands      |
| Stage 2             | Delivering powershell payload            |