mirror of
https://github.com/hak5/bashbunny-payloads.git
synced 2025-10-29 16:58:25 +00:00
Exploit Razer USA HID driver installation to System authority PowerShell. This is heavily based on Tweet by @_MG_ on 22nd Aug 2021 but modified to work with BashBunny
# Razer System Shell from Bash Bunny

Author: Emptyhen
Version: 0.1

## Description
Makes use of an exploit in the driver installation process for Razer HID devices. Starting from a low-privilege (non-administrator) account, this payload produces a PowerShell prompt running with System authority.

The payload has some long delays built in to allow time for the drivers to install and for the Razer Synapse installation and configuration tool to start.

Although this has been designed for the Bash Bunny, it should be compatible with the Key Croc too.

Note: To run the payload a second time, the Razer driver must first be removed from Device Manager.

## STATUS
| LED Status             | Status                                            |
|------------------------|---------------------------------------------------|
| PINK                   | Payload starting and configuring the attack mode. |
| ORANGE - Single Flash  | Waiting for drivers to be installed.              |
| ORANGE - Two Flashes   | Injecting keystrokes to create the shell.         |
| ORANGE - Three Flashes | Waiting for PowerShell to launch.                 |
| GREEN                  | Payload finished.                                 |