From 27ad6acfe23f43829458dce23234680ae5fe5b7f Mon Sep 17 00:00:00 2001
From: 0i41E <79219148+0i41E@users.noreply.github.com>
Date: Tue, 28 May 2024 19:34:18 +0200
Subject: [PATCH] Username Change
---
 payloads/library/credentials/FireSnatcher/README.md | 2 +-
 payloads/library/credentials/FireSnatcher/payload.txt | 2 +-
 payloads/library/credentials/HashDumpBunny/README.md | 4 ++--
 payloads/library/credentials/HashDumpBunny/payload.txt | 2 +-
 payloads/library/credentials/MiniDumpBunny/README.md | 4 ++--
 payloads/library/credentials/MiniDumpBunny/payload.txt | 2 +-
 payloads/library/credentials/ProcDumpBunny/README.md | 8 ++++----
 payloads/library/credentials/ProcDumpBunny/payload.txt | 2 +-
 payloads/library/credentials/SamDumpBunny/README.md | 4 ++--
 payloads/library/credentials/SamDumpBunny/payload.txt | 2 +-
 payloads/library/credentials/SessionBunny/README.md | 4 ++--
 .../library/credentials/SessionBunny/SessionBunny.ps1 | 2 +-
 payloads/library/credentials/SessionBunny/payload.txt | 2 +-
 payloads/library/execution/SerialNumBunny/1.PS1 | 2 +-
 payloads/library/execution/SerialNumBunny/payload.txt | 2 +-
 payloads/library/execution/SerialNumBunny/readme.md | 4 ++--
 payloads/library/exfiltration/WifiSnatch/payload.txt | 2 +-
 payloads/library/prank/-BB-AcidBurn/README.md | 2 +-
 payloads/library/prank/-BB-JumpScare/README.md | 2 +-
 payloads/library/remote_access/PingZhellBunny/Bunny.pl | 2 +-
 payloads/library/remote_access/PingZhellBunny/README.md | 2 +-
 payloads/library/remote_access/PingZhellBunny/payload.txt | 2 +-
 payloads/library/remote_access/ReverseBunny/README.md | 4 ++--
 payloads/library/remote_access/ReverseBunny/payload.txt | 2 +-
 payloads/library/remote_access/ReverseBunnySSL/README.md | 6 +++---
 .../library/remote_access/ReverseBunnySSL/payload.txt | 2 +-
 26 files changed, 37 insertions(+), 37 deletions(-)
diff --git a/payloads/library/credentials/FireSnatcher/README.md b/payloads/library/credentials/FireSnatcher/README.md
index 1d3b0dd0..d55eed6e 100644
--- a/payloads/library/credentials/FireSnatcher/README.md
+++ b/payloads/library/credentials/FireSnatcher/README.md
@@ -1,7 +1,7 @@
 # Title: FireSnatcher
 # Description: Copies Wifi Keys, and Firefox Password Databases
 # Author: KarrotKak3
-# Props: saintcrossbow & 0iphor13
+# Props: saintcrossbow & 0i41E
 # Version: 1.0.2.0 (Work in Progress)
 # Category: Credentials
 # Target: Windows (Logged in)
diff --git a/payloads/library/credentials/FireSnatcher/payload.txt b/payloads/library/credentials/FireSnatcher/payload.txt
index 143efd55..3c1c4443 100644
--- a/payloads/library/credentials/FireSnatcher/payload.txt
+++ b/payloads/library/credentials/FireSnatcher/payload.txt
@@ -1,7 +1,7 @@
 # Title: FireSnatcher
 # Description: Copies Wifi Keys, and Firefox Password Databases
 # Author: KarrotKak3
-# Props: saintcrossbow & 0iphor13
+# Props: saintcrossbow & 0i41E
 # Version: 1.0.2.0 (Work in Progress)
 # Category: Credentials
 # Target: Windows (Logged in)
diff --git a/payloads/library/credentials/HashDumpBunny/README.md b/payloads/library/credentials/HashDumpBunny/README.md
index b1460dd5..905c12fb 100644
--- a/payloads/library/credentials/HashDumpBunny/README.md
+++ b/payloads/library/credentials/HashDumpBunny/README.md
@@ -1,6 +1,6 @@ **Title: HashDumpBunny** -Author: 0iphor13 +Author: 0i41E Version: 1.0
@@ -17,4 +17,4 @@ Place BunnyDump.bat in the same payload switch-folder as your payload.txt # Plug in BashBunny. Exfiltrate the out.txt file and try to crack the hashes. -![alt text](https://github.com/0iphor13/bashbunny-payloads/blob/master/payloads/library/credentials/HashDumpBunny/censoredhash.png) +![alt text](https://github.com/0i41E/bashbunny-payloads/blob/master/payloads/library/credentials/HashDumpBunny/censoredhash.png)
diff --git a/payloads/library/credentials/HashDumpBunny/payload.txt b/payloads/library/credentials/HashDumpBunny/payload.txt
index f21e4a36..2e9e6843 100644
--- a/payloads/library/credentials/HashDumpBunny/payload.txt
+++ b/payloads/library/credentials/HashDumpBunny/payload.txt
@@ -2,7 +2,7 @@
 #
 # Title: HashDumpBunny
 # Description: Dump user hashes with this script, which was obfuscated with multiple layers.
-# Author: 0iphor13
+# Author: 0i41E
 # Version: 1.0
 # Category: Credentials
 # Attackmodes: HID, Storage
diff --git a/payloads/library/credentials/MiniDumpBunny/README.md b/payloads/library/credentials/MiniDumpBunny/README.md
index a6fba8e0..c314caf2 100644
--- a/payloads/library/credentials/MiniDumpBunny/README.md
+++ b/payloads/library/credentials/MiniDumpBunny/README.md
@@ -1,6 +1,6 @@ **Title: MiniDumpBunny** -Author: 0iphor13 +Author: 0i41E Version: 1.0
@@ -14,4 +14,4 @@ What is MiniDumpBunny? Plug in your BashBunny equipped with the obfuscated MiniBunny.bat file, wait a few seconds, go away. # Exfiltrate the .dmp file and read it with Mimikatz. -![alt text](https://github.com/0iphor13/bashbunny-payloads/blob/master/payloads/library/credentials/MiniDumpBunny/mimi.png) \ No newline at end of file +![alt text](https://github.com/0i41E/bashbunny-payloads/blob/master/payloads/library/credentials/MiniDumpBunny/mimi.png) \ No newline at end of file
diff --git a/payloads/library/credentials/MiniDumpBunny/payload.txt b/payloads/library/credentials/MiniDumpBunny/payload.txt
index 2fc58a03..467e748a 100644
--- a/payloads/library/credentials/MiniDumpBunny/payload.txt
+++ b/payloads/library/credentials/MiniDumpBunny/payload.txt
@@ -2,7 +2,7 @@
 #
 # Title: MiniDumpBunny
 # Description: Dump lsass with this script, which was obfuscated with multiple layers.
-# Author: 0iphor13
+# Author: 0i41E
 # Version: 1.0
 # Category: Credentials
 # Attackmodes: HID, Storage
diff --git a/payloads/library/credentials/ProcDumpBunny/README.md b/payloads/library/credentials/ProcDumpBunny/README.md
index 31b9ef73..afcf570b 100644
--- a/payloads/library/credentials/ProcDumpBunny/README.md
+++ b/payloads/library/credentials/ProcDumpBunny/README.md
@@ -1,6 +1,6 @@ **Title: ProcDumpBunny** -Author: 0iphor13 +Author: 0i41E Version: 1.0
@@ -12,10 +12,10 @@ What is ProcDumpBunny? **Instruction:** Download ProcDump from Microsoft - https://docs.microsoft.com/en-us/sysinternals/downloads/procdump - rename the Executeable to Bunny.exe -![alt text](https://github.com/0iphor13/bashbunny-payloads/blob/master/payloads/library/credentials/ProcDumpBunny/Screenshot%20(38).png) +![alt text](https://github.com/0i41E/bashbunny-payloads/blob/master/payloads/library/credentials/ProcDumpBunny/Screenshot%20(38).png) Place Bunny.exe in the same payload switch as your payload -![alt text](https://github.com/0iphor13/bashbunny-payloads/blob/master/payloads/library/credentials/ProcDumpBunny/Screenshot%20(37).png) +![alt text](https://github.com/0i41E/bashbunny-payloads/blob/master/payloads/library/credentials/ProcDumpBunny/Screenshot%20(37).png) # Plug in BashBunny. Exfiltrate the out.dmp file and read it with Mimikatz. -![alt text](https://github.com/0iphor13/bashbunny-payloads/blob/master/payloads/library/credentials/ProcDumpBunny/Screenshot%20(39).png) +![alt text](https://github.com/0i41E/bashbunny-payloads/blob/master/payloads/library/credentials/ProcDumpBunny/Screenshot%20(39).png)
diff --git a/payloads/library/credentials/ProcDumpBunny/payload.txt b/payloads/library/credentials/ProcDumpBunny/payload.txt
index b0275b7e..9480cf77 100644
--- a/payloads/library/credentials/ProcDumpBunny/payload.txt
+++ b/payloads/library/credentials/ProcDumpBunny/payload.txt
@@ -2,7 +2,7 @@
 #
 # Title: ProcDumpBunny
 # Description: Dump lsass.exe with a renamed version of procdump
-# Author: 0iphor13
+# Author: 0i41E
 # Version: 1.0
 # Category: Credentials
 # Attackmodes: HID, Storage
diff --git a/payloads/library/credentials/SamDumpBunny/README.md b/payloads/library/credentials/SamDumpBunny/README.md
index 683fd00d..6e64f4fa 100644
--- a/payloads/library/credentials/SamDumpBunny/README.md
+++ b/payloads/library/credentials/SamDumpBunny/README.md
@@ -1,6 +1,6 @@ **Title: SamDumpBunny** -

Author: 0iphor13
+

Author: 0i41E
OS: Windows
Version: 1.0
@@ -21,4 +21,4 @@ Afterwards you can use a tool like samdump2 to extract the users hashes.

**!Disclaimer! samdump2 has proven to be unreliable in the recent past.** -![alt text](https://github.com/0iphor13/omg-payloads/blob/master/payloads/library/credentials/SamDumpCable/sam.png) +![alt text](https://github.com/0i41E/omg-payloads/blob/master/payloads/library/credentials/SamDumpCable/sam.png)
diff --git a/payloads/library/credentials/SamDumpBunny/payload.txt b/payloads/library/credentials/SamDumpBunny/payload.txt
index cc3120e3..a84d08de 100644
--- a/payloads/library/credentials/SamDumpBunny/payload.txt
+++ b/payloads/library/credentials/SamDumpBunny/payload.txt
@@ -2,7 +2,7 @@
 #
 # Title: SamDumpBunny
 # Description: Dump users sam and system hive and exfiltrate them. Afterwards you can use a tool like samdump2, to get the users hashes.
-# Author: 0iphor13
+# Author: 0i41E
 # Version: 1.0
 # Category: Credentials
 # Attackmodes: HID, Storage
diff --git a/payloads/library/credentials/SessionBunny/README.md b/payloads/library/credentials/SessionBunny/README.md
index ae8d4d7a..b8d45347 100644
--- a/payloads/library/credentials/SessionBunny/README.md
+++ b/payloads/library/credentials/SessionBunny/README.md
@@ -1,6 +1,6 @@ **Title: SessionBunny** -Author: 0iphor13 +Author: 0i41E (Credit for SessionGopher: Brandon Arvanaghi) Version: 1.0
@@ -19,4 +19,4 @@ Place SessionBunny.ps1 in the same payload switch-folder as your payload.txt # Plug in BashBunny. Wait for the script to finish and decide what you wanna do with the information gathered -![alt text](https://github.com/0iphor13/bashbunny-payloads/blob/master/payloads/library/credentials/SessionBunny/censorepic.png) +![alt text](https://github.com/0i41E/bashbunny-payloads/blob/master/payloads/library/credentials/SessionBunny/censorepic.png)
diff --git a/payloads/library/credentials/SessionBunny/SessionBunny.ps1 b/payloads/library/credentials/SessionBunny/SessionBunny.ps1
index c7bd7818..568b324d 100644
--- a/payloads/library/credentials/SessionBunny/SessionBunny.ps1
+++ b/payloads/library/credentials/SessionBunny/SessionBunny.ps1
@@ -43,7 +43,7 @@ o o_ / ". SessionGopher - ," _-" Bunny Edition (0iphor13) + ," _-" Bunny Edition (0i41E) ," m m ..+ ) Brandon Arvanaghi `m..m @arvanaghi | arvanaghi.com
diff --git a/payloads/library/credentials/SessionBunny/payload.txt b/payloads/library/credentials/SessionBunny/payload.txt
index 4531e181..e07f9cf5 100644
--- a/payloads/library/credentials/SessionBunny/payload.txt
+++ b/payloads/library/credentials/SessionBunny/payload.txt
@@ -1,7 +1,7 @@
 #!/bin/bash
 #
 # Title: SessionBunny
-# Author: 0iphor13
+# Author: 0i41E
 # Version: 1.0
 # Category: Credentials
 # Attackmodes: HID, Storage
diff --git a/payloads/library/execution/SerialNumBunny/1.PS1 b/payloads/library/execution/SerialNumBunny/1.PS1
index 0ed38dc7..620c62ba 100644
--- a/payloads/library/execution/SerialNumBunny/1.PS1
+++ b/payloads/library/execution/SerialNumBunny/1.PS1
@@ -12,4 +12,4 @@ $Picture=@"
 Sleep -s 5
 Write-Host -ForegroundColor red "$Picture"
 Sleep -s 2
-Write-Host -ForegroundColor green "SerialNumBunny by 0iphor13"
\ No newline at end of file
+Write-Host -ForegroundColor green "SerialNumBunny by 0i41E"
\ No newline at end of file
diff --git a/payloads/library/execution/SerialNumBunny/payload.txt b/payloads/library/execution/SerialNumBunny/payload.txt
index 1f177baf..3869c8d0 100644
--- a/payloads/library/execution/SerialNumBunny/payload.txt
+++ b/payloads/library/execution/SerialNumBunny/payload.txt
@@ -2,7 +2,7 @@
 #
 # Title: SerialNumBunny
 # Description: Execute strings placed in the Bunny serial number
-# Author: 0iphor13
+# Author: 0i41E
 # Version: 1.0
 # Category: Execution
 # Attackmodes: HID, RNDIS_ETHERNET
diff --git a/payloads/library/execution/SerialNumBunny/readme.md b/payloads/library/execution/SerialNumBunny/readme.md
index ac20f5f5..1139e40a 100644
--- a/payloads/library/execution/SerialNumBunny/readme.md
+++ b/payloads/library/execution/SerialNumBunny/readme.md
@@ -1,6 +1,6 @@ **Title: SerialNumBunny** -

Author: 0iphor13
+

Author: 0i41E
OS: Windows
Version: 1.0
@@ -14,6 +14,6 @@ You can get pretty creative here, from basically calling basic powershell comman - Upload your script or the example provided onto your Bunnys switch folder. - Plug in the Bunny and let the magic happen. -![SerialNumBunny](https://github.com/0iphor13/bashbunny-payloads/assets/79219148/fa11d9b5-e2f2-45a9-a701-5a25220ca226) +![SerialNumBunny](https://github.com/0i41E/bashbunny-payloads/assets/79219148/fa11d9b5-e2f2-45a9-a701-5a25220ca226) _Note: If you want to adapt your payload nested, in the serial number, you may need to stay in a certain character limit. In my case this was 40 characters. This might be different, depending on your target. Also make sure to replace spaces within the serial number with underscores._
diff --git a/payloads/library/exfiltration/WifiSnatch/payload.txt b/payloads/library/exfiltration/WifiSnatch/payload.txt
index 45aa88ce..42b6c249 100644
--- a/payloads/library/exfiltration/WifiSnatch/payload.txt
+++ b/payloads/library/exfiltration/WifiSnatch/payload.txt
@@ -2,7 +2,7 @@
 #
 # Title: WifiSnatch
 # Description: Extract wifi information, such as passphrases & SSIDs
-# Author: 0iphor13
+# Author: 0i41E
 # Version: 1.1
 # Category: Exfiltration
 # Attackmodes: HID, Storage
diff --git a/payloads/library/prank/-BB-AcidBurn/README.md b/payloads/library/prank/-BB-AcidBurn/README.md
index 9e799ed1..5b83236a 100644
--- a/payloads/library/prank/-BB-AcidBurn/README.md
+++ b/payloads/library/prank/-BB-AcidBurn/README.md
@@ -105,7 +105,7 @@ Arf * [Hak5](https://hak5.org/) * [MG](https://github.com/OMG-MG) -* [0iphor13](https://github.com/0iphor13) +* [0i41E](https://github.com/0i41E) * [PhilSutter](https://github.com/PhilSutter)
diff --git a/payloads/library/prank/-BB-JumpScare/README.md b/payloads/library/prank/-BB-JumpScare/README.md
index 69ef63f2..ece60b5d 100644
--- a/payloads/library/prank/-BB-JumpScare/README.md
+++ b/payloads/library/prank/-BB-JumpScare/README.md
@@ -93,7 +93,7 @@ I am Jakoby * [Hak5](https://hak5.org/) * [MG](https://github.com/OMG-MG) -* [0iphor13](https://github.com/0iphor13) +* [0i41E](https://github.com/0i41E) * [PhilSutter](https://github.com/PhilSutter)
diff --git a/payloads/library/remote_access/PingZhellBunny/Bunny.pl b/payloads/library/remote_access/PingZhellBunny/Bunny.pl
index 4bac2738..2a835894 100644
--- a/payloads/library/remote_access/PingZhellBunny/Bunny.pl
+++ b/payloads/library/remote_access/PingZhellBunny/Bunny.pl
@@ -15,7 +15,7 @@
 # You should have received a copy of the GNU General Public License
 # along with this program. If not, see .
 #
-# Modified by 0iphor13 for PingZhellBunny
+# Modified by 0i41E for PingZhellBunny
 #
 #
 #
diff --git a/payloads/library/remote_access/PingZhellBunny/README.md b/payloads/library/remote_access/PingZhellBunny/README.md
index 6b190001..93203488 100644
--- a/payloads/library/remote_access/PingZhellBunny/README.md
+++ b/payloads/library/remote_access/PingZhellBunny/README.md
@@ -1,6 +1,6 @@ **Title: PingZhellBunny** -

Author: 0iphor13
+

Author: 0i41E
OS: Windows
Version: 1.5
diff --git a/payloads/library/remote_access/PingZhellBunny/payload.txt b/payloads/library/remote_access/PingZhellBunny/payload.txt
index 2690061a..89617aac 100644
--- a/payloads/library/remote_access/PingZhellBunny/payload.txt
+++ b/payloads/library/remote_access/PingZhellBunny/payload.txt
@@ -2,7 +2,7 @@
 #
 # Title: PingZhellBunny
 # Description: Getting remote access via ICMP
-# Author: 0iphor13
+# Author: 0i41E
 # Version: 1.5
 # Category: Remote_Access
 # Attackmodes: HID, RNDIS_ETHERNET
diff --git a/payloads/library/remote_access/ReverseBunny/README.md b/payloads/library/remote_access/ReverseBunny/README.md
index d3b39a26..fd2a6b3d 100644
--- a/payloads/library/remote_access/ReverseBunny/README.md
+++ b/payloads/library/remote_access/ReverseBunny/README.md
@@ -1,6 +1,6 @@ **Title: ReverseBunny** -

Author: 0iphor13
+

Author: 0i41E
OS: Windows
Version: 1.5
@@ -8,7 +8,7 @@ Version: 1.5

!Getting remote access via obfuscated reverse shell!
Upload payload.txt and RevBunny.ps1 onto your Bunny -![alt text](https://github.com/0iphor13/bashbunny-payloads/blob/master/payloads/library/remote_access/ReverseBunny/RevBunny.png) +![alt text](https://github.com/0i41E/bashbunny-payloads/blob/master/payloads/library/remote_access/ReverseBunny/RevBunny.png) Change the variables in payload.txt to your attacking machine & start your listener. (for example netcat: nc -lvnp [PORT] )

diff --git a/payloads/library/remote_access/ReverseBunny/payload.txt b/payloads/library/remote_access/ReverseBunny/payload.txt
index 75d003cc..fa5cd1ce 100644
--- a/payloads/library/remote_access/ReverseBunny/payload.txt
+++ b/payloads/library/remote_access/ReverseBunny/payload.txt
@@ -2,7 +2,7 @@
 #
 # Title: ReverseBunny
 # Description: Get remote access, using an obfuscated powershell reverse shell.
-# Author: 0iphor13
+# Author: 0i41E
 # Version: 1.5
 # Category: Remote_Access
 # Attackmodes: HID, RNDIS_ETHERNET
diff --git a/payloads/library/remote_access/ReverseBunnySSL/README.md b/payloads/library/remote_access/ReverseBunnySSL/README.md
index 63182453..6d07da86 100644
--- a/payloads/library/remote_access/ReverseBunnySSL/README.md
+++ b/payloads/library/remote_access/ReverseBunnySSL/README.md
@@ -1,6 +1,6 @@ **Title: ReverseBunnySSL** -

Author: 0iphor13
+

Author: 0i41E
OS: Windows
Version: 1.2
For input and inspiration - Thanks to: Cribbit, sebkinne

@@ -26,5 +26,5 @@ I recommend openssl itself or ncat - Example syntax for both:
**Disclaimer: Because of obfuscation, it may take some time until the shell is fully executed by powershell** -![alt text](https://github.com/0iphor13/omg-payloads/blob/master/payloads/library/remote_access/ReverseCableSSL/CreateCert.png) -![alt text](https://github.com/0iphor13/bashbunny-payloads/blob/master/payloads/library/remote_access/ReverseBunnySSL/Startscreen.png) +![alt text](https://github.com/0i41E/omg-payloads/blob/master/payloads/library/remote_access/ReverseCableSSL/CreateCert.png) +![alt text](https://github.com/0i41E/bashbunny-payloads/blob/master/payloads/library/remote_access/ReverseBunnySSL/Startscreen.png)
diff --git a/payloads/library/remote_access/ReverseBunnySSL/payload.txt b/payloads/library/remote_access/ReverseBunnySSL/payload.txt
index 57358c05..c42c2091 100644
--- a/payloads/library/remote_access/ReverseBunnySSL/payload.txt
+++ b/payloads/library/remote_access/ReverseBunnySSL/payload.txt
@@ -2,7 +2,7 @@
 #
 # Title: ReverseBunnySSL
 # Description: Get remote access, using an obfuscated powershell reverse shell.
-# Author: 0iphor13
+# Author: 0i41E
 # Version: 1.2
 # Category: Remote_Access
 # Attackmodes: HID, RNDIS_ETHERNET