From 78eb6e38282e537ddea4cfeee77f7a907c91edea Mon Sep 17 00:00:00 2001
From: xhico <31449326+xhico@users.noreply.github.com>
Date: Sat, 2 Oct 2021 19:25:34 +0100
Subject: [PATCH] Wallpaper Changer (#245)
---
.../prank/WallpaperChanger/payload.txt | 43 ++++++++++++++++++
payloads/library/prank/WallpaperChanger/s.ps1 | 10 ++++
payloads/library/prank/WallpaperChanger/w.png | Bin 0 -> 3211 bytes
3 files changed, 53 insertions(+)
create mode 100644 payloads/library/prank/WallpaperChanger/payload.txt
create mode 100644 payloads/library/prank/WallpaperChanger/s.ps1
create mode 100644 payloads/library/prank/WallpaperChanger/w.png
diff --git a/payloads/library/prank/WallpaperChanger/payload.txt b/payloads/library/prank/WallpaperChanger/payload.txt
new file mode 100644
index 00000000..daf073d0
--- /dev/null
+++ b/payloads/library/prank/WallpaperChanger/payload.txt
@@ -0,0 +1,43 @@
+#!/bin/bash
+#
+# Title: Change windows wallpaper
+# Author: xhico
+# Version: 1.0
+# Target: Windows
+#
+# Changes the users wallpaper from the ${SWITCH_POSITION} folder
+# in the payloads library of the Bash Bunny USB Disk partition.
+#
+# Colors:
+# | Status | Color | Description |
+# | ---------- | ------------------------------| ------------------------------------------------ |
+# | SETUP | Magenta solid | Setting attack mode, getting the switch position |
+# | FAIL | Red slow blink | Could not find the wallpaper file |
+# | ATTACK | Yellow single blink | Running the Powershell Script |
+# | FINISH | Green blink followed by SOLID | Script is finished |
+
+# Magenta solid
+LED SETUP
+
+# Get the switch position
+GET SWITCH_POSITION
+PAYLOAD_DIR=/root/udisk/payloads/$SWITCH_POSITION
+
+# Check for w.png s.ps1 files
+if [[ ! -f ${PAYLOAD_DIR}/w.png || ! -f ${PAYLOAD_DIR}/s.ps1 ]]; then
+ LED FAIL
+ exit 1
+fi
+
+# Set the attack mode to HID and STORAGE
+ATTACKMODE HID STORAGE
+
+# Yellow single blink
+LED ATTACK
+
+# Run the command to change the wallpaper
+RUN WIN powershell ".((gwmi win32_volume -f 'label=''BASHBUNNY''').Name+'payloads\\$SWITCH_POSITION\s.ps1') \"((gwmi win32_volume -f 'label=''BashBunny''').Name+'payloads\\$SWITCH_POSITION\w.png')\""
+
+
+# Green LED for finished
+LED FINISH
\ No newline at end of file
diff --git a/payloads/library/prank/WallpaperChanger/s.ps1 b/payloads/library/prank/WallpaperChanger/s.ps1
new file mode 100644
index 00000000..fdc80206
--- /dev/null
+++ b/payloads/library/prank/WallpaperChanger/s.ps1
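Review bot: The header comment of payload.txt lists the LED states but never says what the payload changes on the target, and `LED FINISH` on the last line is set straight after `RUN WIN`, so green reports that the command was issued rather than that the wallpaper script completed (assuming RUN returns once the command has been sent). I would add a header line such as `# Side effects: copies w.png to the user's Desktop and rewrites the HKCU wallpaper value; nothing is restored afterwards.` so the operator and the machine's owner know what to revert. The two volume lookups in the `RUN WIN` line also spell the label differently (`'BASHBUNNY'` and `'BashBunny'`); pick one spelling so the line reads as one lookup done twice.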
@@ -0,0 +1,10 @@
+# Receives the path for the wallpaper file from the Bunnys Playload Dir
+Param([string]$Path)
+
+# Sets the new wallpaper path to the desktop
+# Copies the file from the Playload Dir to the Users Desktop
+$new_path = "$env:USERPROFILE\Desktop\w.png"
+cp $Path $new_path
+
+#Sets the wallpaper
+Set-ItemProperty -path 'HKCU:\Control Panel\Desktop\' -name wallpaper -value $new_path
\ No newline at end of file
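Review bot: The `Set-ItemProperty` call on the last line still runs when `cp $Path $new_path` fails or `$Path` is empty, so the wallpaper value can end up pointing at a file that does not exist, and the copy replaces any `w.png` the user already has on the Desktop. Guard the copy, for example `if (-not (Test-Path -LiteralPath $Path)) { exit 1 }` followed by `Copy-Item -LiteralPath $Path -Destination $new_path -ErrorAction Stop`. The previous wallpaper value is never read, so nothing the script leaves behind allows the change to be reverted; capturing it before the write would make cleanup possible. The comments also spell "Payload" as "Playload" in two places.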
diff --git a/payloads/library/prank/WallpaperChanger/w.png b/payloads/library/prank/WallpaperChanger/w.png new file mode 100644 index 0000000000000000000000000000000000000000..6cc3b27881594206cd7442e0aeab419600616af5 GIT binary patch literal 3211 zcmV;640Q8}P)T z8yg#|iYjIR01MYiL_t(&fu&mKg0w0OwRaH_dl_|n|7W}jSg_3O?sxNR#zG(@CnrHo z`;8cWNS!8&BQn&ytg50Nr}ulAL3AmzkmWs%Ma4-L{%Y6=-s*oA?*3VqOJiQV zl`-b2FUpSB1Bv3SNgc)*MPa)*PTIurI>Gc$+GyS`o1zzqQtAc1xviQySzhzH9)_W= zEp?j4i%9tG(>$67aL{$|B*D)BH^>^w#oSnWD zq;bGx%xRhorAZm}{O4B;=T&9a`C2gQdie`=ZjI_H=flve_+es$cmt zudWFOEWW(tpeq|+9#AAe&;i4u#7=^`SXm>!G^H}x{F_lJ#(;Xka-uwH9GbZISr~pC zqGe4C8J6=h0^8Z;09)>p=y-0?=Uc>V0{T=p3x={uLJxzS)CF%Y-V+a}zZT;K%$Bt{ zWm@h#$3Dk@dl=kuVD73U=XCeNGIJ%vVkcP1ASLgKBav~S^SSE!^QC#~`IDKU_K z#~VzS=OMFR(xYV*+10ul8FTa;!Md~4Djzdob0Zv)uI?a8bsFa8lYYN1C)uBBv*H6- zlgk>x$ojF>W?+gddPR17z0ZCYK;G%ahM9JAkgUvrnMYa}M^3m}#Gq-!B|SQ#4s!eg z>$4I0$-t{6(@Om+k?Ig&&jLqG>dR9=*Je%ZkeFe>AW28S@v>+>G=jg(;L?9$npt+LR zPLm|lA^_qj)CGj_HRyFaCbIwh_l%`n=iHtSAlYW^TN+ZIt` zOOhk_+#eZcq&jpbN#mLbAyUzeyc|;!0V+cQMUxzZD@QX0XpuTeM+MI5>S15R&#E^{ z5p53CZJ6DOIPh}}-~tsAB-)ylZkso*6Rozv%=QOH`(e#%S_1n3=ZZ3%&2a~cJg@2}OY4E&doJ(jt)P}jzY7dh^ehXH7z z!chm}SUTW=>zL+SKQr7I{rx^>^umoEf;P__N^Ng1P&I>z)P@z9gmxgv;B!8pfk-px zoHisee-s*r3jrY_gdfcoR`_TlsCiedwsm9SaT0`97;aGqtUE$}Go$wSg^#1(BP#34 zpmL69Tu%^_allj`FFVUR6=DI(CK`rd(;g9qrRcd6{?q+FQWms1g4>LP%=}9FZPs1` z#fMJ{Z6a@t+tb7LqAeIkY-7NcA_#IVTOxc}q=iwcdyPo9I|tr7Dj?%E&&x7noy8PB zVNkN6OuH`^08akO^%=IfwD3|SO%0IJykZlAa%rUr-PcZXz;8wc&|zX$+6P!|N%RR= zy{@f}j*3rE4`~683uJ>>4-Vw4ywNkkePcxTmwPH-GAxV@uRJ?XJLA}1Q%Y*k<~Bg` zyjqb;5-FcdKp!0~#2y)a{bn;*^2$=q!H86Fngv}s1gu1(eg(l;W=kqrf#j_Ebo4kl zWIx!-wLo(=&zG2%3Si6BHHu5;v>rAqn&{lwAMMd*dz#z4$0sclPP;)Jz+1Ji1b(j1 z*9sMK({xv7Sa!@eADPry3o7oRE-1;|Mbr!S9vhbP z@y5<@iwgZj1ooU*QhJ7a!$Bh-6^64Gje?38CK}I*x3`zEZHuC9$G1Wp+d8vdbi1Q) z^fr=;asNJ*p?;p9@grH&9h!uru|4ftG$=AfyRGXj)EM7qgFDBs3A>Y7f0JO{PE?qq zwG+8qu(`)Fu`5f7Fdb&+dL*XV7JEHUf}-#t$qj6s~& zt_=IRn#e})6Ax={HR5*CJA^SAe-4=YB4MjFZJcB 
z@Mz3tp*tTQNOps`$5=kg`$O9-cp>1qD5lSt#P9v+Rbi~3W#LhlGUm+sl*;xt$MB>y zjk($lUwNUd8~C-DwjUVLs_>&@ew7#7k;WI(xD5Z)##k?V<>)uitlBM%v?61*uX!lD=IbxG94rhTz)o zOP^^e`4BsR*cTS}T5BFm745BGH9WU&%q=zgaNj}nf<5vB@{!8*oUhxVYQ};4R|eS3QLm>pyw8Qc$9w_iU`k*z`tfq4r&EVPP^hoA`!mU z35QXJCZvP{g;iSdw{l;+QCUJ z4uZs_zO_A^CvP%B+W}J8RYfn3w3qiZjeSvd-GE25%JzhL72{vK6NMT=hhBbdLZmA% zmCL=|Hcj6`@qP2*ER2>N!^^A^TPO}#=j%DgMKW3G$>HLkk2RIK#FKDLt(hWRWKgRy z`B7q7=d7Ldyf}MvNb$fN%3em#b}|_khg(`gS{bf_h5h0PKbHiWu1=7Szc_=p=unE9 z$<1n+8f~GjdO8)k${@qq+jzT0iuCiTv*ALC!E4lJ(0Irx?u3zwSgJlA*_@H?baPC zuCa>e7l13KX?#0omrcCCtJ6fQ<~QMU5&@a|>(B2A0kSuLJ3hRLCz}BL-_&V> z2N7Qq$vF6PTUrs=j`8RBU5AWoG5?PLWRkm-kHk_D-yug$$p6JtE+Wd`=n?6SfUR^1 zsQ%E{e~IxgVvFuT*Cej^V8(#7>xKzUbH0|=OBFqx6a5d7?P`4nDgiQ%)BfcbaE6Hf x&rN%ju*tike=mERXPMd;6fxm1zq9#S{sWVJu0flIx{m+=002ovPDHLkV1hj`B