New Payload: Win_PoSH_WordReport, Fix typos in Win_PoSH_FakeLoginScreen (#431)

* Add files via upload * Update readme.md * Update payload.txt * Update readme.md * Update readme.md * Update readme.md * Update readme.md * Update readme.md * Add files via upload * Update readme.md * Update readme.md * Add Payload WIN_PoSH_HKU_RegBackUp * Update readme.md * Update payload.txt * Change for admin shell * Update readme.md * Update payload.txt * Update payload.txt * Update readme.md * Added payload WIN_PoSH_SaveSecurityHive Added new payload to exfiltration that saves the HKLM security hive to the bunny * Morse Code File Exfiltration A bit pointless with limitation of morse code but I thought it was fun to create. * Update readme.md * Update for non-alphanumeric * Update for timing * Update readme.md * Update readme.md * Update readme.md * Update readme.md * Update payload.txt * New payload - Fake Login Shows a fake version of the windows 10 login screen * Update readme.md * Changes to Fake Login Payload * Changes to Fake Login * Win_PoSH_FakeLogin: Changes to payload and readme * New recon payload: Win_PoSH_WordReport * Update fixed typo: Win_PoSH_WordReport
2025-10-29 16:58:25 +00:00 · 2021-04-30 17:02:21 +01:00
parent 7a0d036b74
commit 8cd8d859cd
5 changed files with 387 additions and 21 deletions
--- a/payloads/library/recon/Win_PoSH_WordReport/readme.md
+++ b/payloads/library/recon/Win_PoSH_WordReport/readme.md
@@ -0,0 +1,29 @@
+# Word Report
+- Author: Cribbit
+- Version: 1.0
+- Target: Windows (Powershell 5.1+)
+- Category: Recon
+- Attackmode: HID & Storage
+- Extensions: Run
+- Props: Don Murdoch, Boe Prox, Simen Kjeserud, DannyK999 & T.J. Connor
+
+## Change Log
+| Version | Changes         |
+| ------- | --------------- |
+| 1.0     | Initial release |
+
+## Description
+This payload in similar to the [InfoGrabber](https://github.com/hak5/bashbunny-payloads/tree/master/payloads/library/recon/InfoGrabber) payload. But save the info to a MS Word document and collects some different data.
+
+This payload needs an admin powershell prompt to run
+
+## Configuration
+This payload is written for an English version of windows. You will need to update the letters used when accessing the menu with ALT for other languages
+
+## Colours
+| Status   | Colour                        | Description                 |
+| -------- | ----------------------------- | --------------------------- |
+| SETUP    | Magenta solid                 | Setting attack mode         |
+| ATTACK   | Yellow single blink           | Injecting Powershell script |
+| INJECTED | Green blink followed by SOLID | Injection finished          |
+| FINISHED | Blinks the scroll lock twice  | Script is finished          |