New Payload: Razer System Shell (#463)

Exploit Razer USA HID driver installation to System authority PowerShell. This is heavily based on Tweet by @_MG_ on 22nd Aug 2021 but modified to work with BashBunny
2025-10-29 16:58:25 +00:00 · 2021-08-24 20:30:24 +01:00
parent 9b86d8c991
commit 9fdacee185
2 changed files with 62 additions and 0 deletions
--- a/payloads/library/execution/RazerSystemShell/README.md
+++ b/payloads/library/execution/RazerSystemShell/README.md
@@ -0,0 +1,22 @@
+# Razer System Shell from Bash Bunny
+
+Author:        Emptyhen
+Version:       0.1
+
+## Description
+Makes use of a exploitation that's part of the driver installation process for Razer HID devices. From a low privilege (non administrator account) this code produces a System authority PowerShell prompt.
+
+There are some long delays built into this payload to allow for the time required to install the drivers and start the Razer Synaptics installation and configuration tool.
+
+Although this has been designed for the Bash Bunny, it should be compatible with the Key Croc too.
+
+Note: To run the payload a second time, the Razer driver needs to be removed from Device Manager.
+
+## STATUS
+| LED Status             | Status                                            |
+|------------------------|---------------------------------------------------|
+| PINK                   | Payload starting and configuring the attack mode. |
+| ORANGE - Single Flash  | Waiting for drivers to be installed.              |
+| ORANGE - Two Flashes   | Injecting keystrokes to create the shell.         |
+| ORANGE - Three Flashes | Waiting for PowerShell to launch                  |
+| GREEN                  | Payload finished.                                 |